China Facing Problems With Android Handsets & Pre-installed Trojans


It seems like the Chinese are always coming up with inventive ways to scam people, this time the people in their own country. Android is of course growing quickly globally and China is no exception with the availability of cheap hardware there the open-source Android OS is a natural choice.

The latest scam is some new generation of “money sucking mobiles” – which are basically Android handsets that steal the users credit by making covert calls or sending premium SMS. It does this very slowly so the user doesn’t notice, it also enables the vendors to sell the handsets very cheaply as they are essentially subsidized by the fraud.

The Chinese government is to crack down on “money sucking” mobiles: Android-based handsets that subsidise themselves by stealing from the customer’s account.

The crackdown aims to involve network operators, target retailers and ensure that selling handsets featuring pre-installed Trojans is explicitly illegal, according to the Google translation.

The idea is to set up a central unit to manage complaints, though it seems the scam has been going on long enough to build up considerable momentum.

The handsets concerned are sold cheaply, and generally unbranded, though some bear forged logos. Once they go into use the Android-based handsets start quietly sending text messages, or making a silent call or two. The transactions only incur a fee of about around 20 pence (0.3USD) a time, in the hope the user will never notice, while the miscreant collects the termination fee or other premium charge.

It’s pretty shady, but not much different from the reports of US and UK consumers with branded network phones having all kinds of weird network charges which they can’t stop because the phones are loaded up with proprietary crapware (oh hello Vodafone, Orange, T-Mobile and so on).

It’s an interesting model for fraud and honestly I think it will continue for a long time as it’s unlikely the users of low end Android devices will bother reading such tech-news and even if they did…what can they do about it? If they are really techy of course they can just root the phone and remove the malware themselves.

But for the rest of the unwashed masses, what options do they have? Not a lot really apart from the ditching the phone and buying another with the hope that it doesn’t come pre-installed with a trojan.


The amounts are small, but the idea is to collect it over a long period, enabling the handset to be sold very cheaply and thus feeding a virtuous circle that benefits everyone – except the poor sap who thought he was getting a cheap Android handset.

“I think the software industry lacks a better business model, they can only make these knock-off and money-sucking software in order to survive,” said Zhao Wei, CEO of Chinese security company Knownsec, according to PC World. “This is fast becoming an industry in itself.”

Manufacturers and network operators have a long history of preinstalling applications which they hope will rake in additional cash, much to the annoyance of users. Hiding them from the user is an obvious evolution of that idea, though hopefully a step too far for the bigger brands at least.

It does show that these handset and mobile software developers don’t really have a sustainable legitimate business model. Partially due to the fact that the competition in China is just so immense and partially because this kind of business can prosper.

Just look at Huawei now.

Source: The Register

Posted in: Legal Issues, Malware, Privacy

, , , , , , , , , ,


Latest Posts:


ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.
RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
Mosca - Manual Static Analysis Tool To Find Bugs Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
Slurp - Amazon AWS S3 Bucket Enumerator Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally.
US Government Cyber Security Still Inadequate US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.


One Response to China Facing Problems With Android Handsets & Pre-installed Trojans

  1. Bogwitch January 17, 2011 at 11:16 am #

    The old adage remains true: If it looks too good to be true, it probably is.

    Although that could probably be updated to: If it looks too good to be true, it is.