Android Malware App Covertly Makes Purchases On China Mobile Market


There seems to be a trend towards malware on the Android platform that extorts money from the user somehow, either through premium SMS or services – or the latest trojan – which covertly purchases apps from the mobile market.

We first wrote about Android Antivirus software from Symantec back in 2010 and it seems like recently, it’s becoming more necessary.

DroidDream malware starting proliferating the app store last year in 2011, and there was the article about China Facing Problems With Android Handsets & Pre-installed Trojans.

Security researchers are warning of yet another Android malware outbreak which has spread to nine app stores and infected 100,000 with code designed to covertly purchase apps and content from China Mobile’s Mobile Market.

Mobile security firm TrustGo explained that the MMarketPay.A Trojan could be hidden in a number of legitimate-looking applications, including those from Sina and media streaming company Funinhand, as well as travel and weather apps.

The malware has already been placed in nine different third party Android app markets in China, infecting over 100,000, the firm said. Once downloaded, the Trojan will automatically place orders for paid content and apps at China Mobile’s official Mobile Market online store without informing the user. It is able to intercept China Mobile’s verification SMS and post the code to the Mobile Market web site in order to complete the purchase, said TrustGo.

In the event of CAPTCHA being triggered at this stage, the malware will apparently send the relevant image to a remote server for analysis.

It seems to be happening most of all in China, this isn’t the first time and I guess it won’t be the last. I attribute it to the fact it’s a fairly new smartphone market and the sheer number of people there makes it very attractive to develop this kind of money making malware.

Just get it out there to a few million people (an extremely small percentage of the population in China) and you’re rich. China is being flooded with cheap Android handsets and tablets, so I’d expect to see more of these threats coming from there in the coming months.


The advice from the security experts at TrustGo is for users to only download Android apps from trusted app stores and to have some form of real-time mobile security scanner installed on their device to prevent any dodgy downloads.

Visiting an apparently legit app store is no guarantee you’re going to get a malware-free experience, however. Malware is frequently turning up on the official Android marketplace Google Play – although admittedly less frequently than on some of the more dubious third party sites.

The latest discovery came at the tail end of last week when researchers found malware that lifts the victim’s location data and address book info. China in particular has been a hotbed of malicious Android activity for some time.

In April, the Chinese authorities were forced to publically reprimand the country’s two biggest mobile carriers, China Mobile and China Telecom, after uncovering “many problems” in their respective app stores. Globally too, Android continues to be a favourite with cyber criminals.

So…if you live in China, and use an Android handset – be extremely careful! If not, you should be pretty safe, we aren’t seeing much of this type of malware outside of China – or any kind of Android malware really.

Even though there have been some serious flaws like – Critical Zero Day Abobe Flash Flaw Puts Android Phones At Risk.

The scariest part for me is how smartly this trojan has been developed, it can place orders, intercept the verification SMS and provide it back to the app store – that’s pretty impressive!

Source: The Register

Posted in: Malware, Spammers & Scammers

, , , ,


Latest Posts:


Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.


Comments are closed.