A new piece of malware has been discovered on more than 100,000 Android smartphones in China. It generates revenue by silently downloading paid apps and multimedia content from Mobile Market, an Android app store hosted by China Mobile, one of the largest wireless providers in the world.
TrustGo, which first discovered the malware, is calling this particular threat “MMarketPay.A” and has already found it on nine app stores: nDuoa, GFan, AppChina, LIQU, ANFONE, Soft.3g.cn, TalkPhone, 159.com, and AZ4SD. The security firm also disclosed the following eight package names for the malware:
MMarketPay.A works by placing malicious orders at Mobile Market. Normally, a Mobile Market customer receives a verification code via SMS after purchasing an app or multimedia content, which he or she has to input back into the market to start the download. China Mobile then adds this order to the customer’s phone bill.
MMarketPay.A automates this process and downloads as much as it can so that victims rack up huge phone bills. It finds paid content, simulates a click action in the background, intercepts the received SMS messages, and collects the verification code sent by Mobile Market. If a CAPTCHA image is invoked, the malware posts the image to a remote server for analysis.
In short, MMarketPay.A is a complex little bugger. If you’re using an Android device on China Mobile, you may want to check your phone bill and make sure there’s nothing suspicious on it.
Android lets you download and install apps from anywhere (provided you have the following option enabled: Settings => Applications => Unknown sources). If you want to minimize the chance of downloading malicious apps, please only use the official Google Play store.