Bill Shocker was discovered by NQ Mobile and disclosed today. It is an SDK designed by malware developers that currently infects several of the most popular apps in China, including Tencent QQ Messenger and Sohu News. The infected apps are then distributed by third-party online app stores and retail installation channels.
The malware can take remote control of an Android device, including the contact list, internet connections and dialing and texting functions. “Once the malware has turned the phone into a ‘zombie’,” warns NQ, “the infection uses the device to send text messages to the profit of advertisers. In many cases, the threat will overrun the user’s bundling quota, which subjects the user to additional charges.”
Bill Shocker was discovered by NQ’s RiskRanker, an analysis system that detects dangerous behavior in apps. RiskRanker’s analysis shows that the malware is capable of upgrading itself and expanding to other apps – which is what makes its potential spread from China to the rest of the world more worrying.
In an attempt to prevent this spread, NQ has updated its own security product (which has a 63% market share in China) to include an ‘inoculation’, and has alerted Chinese carriers to the threat. It advises all Android users to download apps only from trusted sources, to closely monitor the permissions requested by an app, to watch out for unusual behavior, and to use a trusted third-party security scanner able to scan downloaded apps for security issues.