Broadband Tech > Security > Security > Stealth SMS payment malware:Chinese Android app stores

We’ve written before about China’s unique app store eco-system, which has seen hundreds of independent Android app stores sprout in response to the surge in sales of Android-powered phones and Google’s Play limited presence, and the vulnerabilities of the system have again been highlighted with the discovery of a new virus capable of making unauthorised payments, which is said to have affected more than half a million users already.
Following its discovery of another bill-racking virus, MMarketPlay, six weeks ago, anti-virus specialist TrustGo has identified sophisticated malware that is capable of making payments, accessing bank/card details and past payment and bill history.

Dubbed ‘Trojan!SMSZombie’, the virus was first identified on July 25 by the firm, which claims to be the first security specialist to locate it and offer a method to remove the malware — which ‘barricades’ itself onto infected devices.

Infected apps has been located in GFan, one of China’s most prominent app stores, among other places and is said to have infected more than more than 500,000 users to date.

While that’s a drop in the ocean for China Mobile’s 683 million subscribers, it has the potential to make a large number of unauthorised transactions and cause trouble and annoyance for many.

The creators of the malware have been careful to avoid attention by giving users huge bills, and TrustGo says that, so far, they have recharged accounts for online gaming sites and other services by making “relatively low” deposits from infected phones.

In a post on its blog, TrustGo explains how the virus — which lurks in wallpaper apps and ‘activates’ post-download – quietly gains access to users’ SMS functionality before exploiting a vulnerability within China Mobile’s SMS payment gateway to carry out transactions and access data: