Related Links

  • NQ Mobile
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Top 5 Stories


New Android malware infects 620,000 mobile phones

30 January 2013

Dubbed ‘Bill Shocker’ because it sends surreptitious and costly text messages, the malware is largely confined to China but has the potential to infect any Android user anywhere.

Bill Shocker was discovered by NQ Mobile and disclosed today. It is an SDK designed by malware developers that currently infects several of the most popular apps in China, including Tencent QQ Messenger and Sohu News. The infected apps are then distributed by third-party online app stores and retail installation channels.

The malware can take remote control of an Android device, including the contact list, internet connections and dialing and texting functions. “Once the malware has turned the phone into a ‘zombie’,” warns NQ, “the infection uses the device to send text messages to the profit of advertisers. In many cases, the threat will overrun the user’s bundling quota, which subjects the user to additional charges.”

Bill Shocker was discovered by NQ’s RiskRanker, an analysis system that detects dangerous behavior in apps. It shows that the malware is capable of upgrading itself and expanding to other apps – which is what makes its potential spread from China to the rest of the world more worrying.

In an attempt to prevent this spread, NQ has updated its own security product (which has a 63% market share in China) to include an ‘inoculation’, and has alerted Chinese carriers to the threat. It advises all Android users to download apps only from trusted sources, to closely monitor the permissions requested by an app, to watch out for unusual behavior, and to use a trusted third party security scanner able to scan downloaded apps for security issues.

This article is featured in:
Application Security  •  Internet and Network Security  •  Malware and Hardware Security  •  Wireless and Mobile Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×