Security firm TrustGo Mobile discovered the malware last week, and called it Trojan!MMarketPay.A@Android. It has been found in 9 China app markets and has already infected more than 100,000 Android devices. TrustGo warns that it may be delivered as a repackaged app, such as cn.itkt.travelskygo or com.funinhand.weibo.
Its purpose is to log on to the China Mobile Android Market and download paid-for apps and video. China Mobile is one of the world’s largest mobile providers with 677 million customers. It operates an app store (Mobile Market) for its customers where prices are automatically added to the users’ phone bills.
The Mobile Market allows users to log in and download free or paid-for apps, or view multimedia content. If an app is paid for, China Mobile sends a verification code to the user. MMarketPay operates by covertly instigating and hijacking the log-in process, and intercepting the verification code.
For now, TrustGo concludes that “this sophisticated new malware could cause unexpected high phone bills.” However, given the large number of apps that are installed and their relatively low cost, it is perfectly possible that many users will notice neither the app nor the addition to the phone bill – and will remain unaware that they have been infected. The same methodology could also be used to download and install ‘free’ spyware or spyware-infected apps that might have been planted in the Market.
TrustGo notes that the majority of mobile malware is found in applications that originate from and attack third-party markets in China and Russia. It “recommends customers only download apps from trusted app stores and download a mobile security app which can scan malware in real-time.”