Android 'SMSZombie' Trojan infects 500,000 Chinese users
Difficult to de-install
Reports have emerged from China of an ingenious new backdoor Android malware attack that has infected hundreds of thousands of subscribers and can prove difficult to de-install without technical support.
Dubbed Trojan!SMSZombie.A – ‘SMSZombie’ for short - by one of the companies reporting on it, the malware is said to have spread through the largest Chinese Android marketplace, GFan, piggybacking itself as a back door on the back of porn-themed wallpaper apps.
The innovation is the use of a backdoor to install itself before the payload is downloaded. This makes detection harder, said the company that detected it, TrustGo.
Related Articles on Techworld
The malware becomes active once it has been selected as the smartphone’s wallpaper, after which it asks to download additional files in the form of what claims to be an ‘Android system service.’
It then asks for administrator privileges (pressing the cancel button for this request simply throws up a dialog box each time), after which the user cannot disable the app using Android’s ‘uninstall app’ function.
Beyond the fact that the criminals have control of the device and can intercept messages, the purpose is to defraud the user of money via payments exploiting an unspecified flaw in the China Mobile SMS Payment System.
Noticed as long ago as 25 July, TrustGo said that it believed the malware had infected more than 500,000 smartphones.
“It has been confirmed that this virus has been used to recharge online gaming accounts via the China Mobile SMS Payment system. Commonly, the victim’s account is charged a relatively low amount to escape detection,” said TrustGo.
SMSZombie is unlikely to affect subscribers in countries such as the US and UK, but its design indicates that attackers are thinking of ways to beat new layers of security added to protect Android systems.
All the same, SMS frauds via premium rate services are far from unknown, although such events have yet to sink receive wider publicity In May, a fake Angry Birds app was discovered that had infected 1,400 UK phone users, defrauding them of around £28,000 ($44,000).
In July, Trusteer reported on an Android Trojan being distributed to beat the SMS authentication systems used by European and US banks.
SMSZombie can be de-installed manually by following the instructions posted by TrustGo.