Android SMS Stealer Masquerades as Fake AliPay Security App

Android malware that disguises itself as a security feature for a famous Chinese online payment app, AliPay, has been making the rounds.

According to Zscaler research, the fake app is a malicious SMS stealer Trojan. It portrays itself as "security controls," tricking victims into thinking it’s an app that enhances AliPay. AliPay, the PayPal of the East, is a third-party online payment platform with no transaction fees, supporting more than 65 financial institutions, including Visa and MasterCard. Globally, more than 300 merchants use AliPay. It also supports transactions in 14 major foreign currencies.

Upon installation, the app hides itself and the icon disappears, and it proceeds to steal SMS messages and forward them to a command-and-control (C&C) server.

“As soon as the victim tries to use the app, it displays an introductory screen and it was programmed to disappear after three seconds,” Zscaler researchers said in an analysis. “Both the screen and the icon are gone at this instance. The victim might think that the app must be faulty and was removed implicitly by Android OS.”

The main motive of the malware developer is to collect SMS messages from a victim's phone. But since the malware doesn’t ask for administrator privileges, removing it isn’t hard: the victim can simply uninstall it using the settings option on the Android device.

“We urge users to not trust any unknown links received via messages or emails,” said the researchers. “Additionally, disable the option of ‘unknown sources’ under settings… We always suggest that our customers (and everyone) do not trust apps from unknown parties and only download items from the official app stores that are trustworthy, like Google's Play store.”