On July 25, TrustGo Security Labs identified a new sophisticated piece of malware that mainly targeted Android users from China. Identified as SMSZombie.A, the Trojan is believed to have infected over 500,000 users.
The malware exploits a security hole in the SMS payment system of China Mobile to make unauthorized payments and steal sensitive banking information.
So far, SMSZombie has been identified in seven different apps that have been carefully planted on GFan.com and other Chinese Android application markets.
So, how does the Trojan infect phones?
The malware is spread via shady wallpaper apps entitled something like “Android Animated Screensaver: Animated Album I Found When I Fixed My Female Coworker's Computer.” Once it's installed, it prompts the victim to install additional components which contain its malicious payload.
During this process, it activates a service and makes itself difficult to remove.
After it obtains root privileges, SMSZombie intercepts and forwards incoming SMS messages – which in some cases contain sensitive information – to the attackers.
“By waiting to deliver malicious code until after installation, this virus is difficult to detect. Sophisticated malware like this highlights the fact that the openness of the Android platform is a double-edged sword,” said Xuyang Li, CEO of TrustGo.
“Users are able to access an amazing breadth and variety of apps, but must take precautions to ensure the apps they want have not been compromised by hackers.”
The victims of this threat report that online gaming accounts have been recharged via China Mobile’s SMS payment system.
However, in order to keep a low profile, the malware only steals small amounts of money from the targeted accounts.
TrustGo customers are protected against this threat, but experts advise users to carefully check an application before installing it on their mobile phones.