14 DAY TRIAL // It appears that NetQin specialized in discovering new viruses, malware and exploits within the Android mobile platform.
The latest achievement of the company is the discovery of a malware, (too) evidently named “the Malware” within more than 20 Android apps that are available for download via various forums on the Internet.
The newly discovered malware auto-dials phone numbers to incur high user fees. Some of the infected mobile applications include QQ Doudizhu, Voice SMS, Drag Racing, Trader, Donkey Jump, Jungle Monkey and Gold Miner among others.
According to NetQin, the malware can be easily embedded in legitimate apps, and when these are being installed, it prompts the user to upgrade.
Once the user chooses to upgrade, the malware is installed in the device under the software name “com.android.battery.”
As soon as another prompt pops up to ask the user to restart the app to run it, the malware is formally activated upon restarting.
It seems that upon activation, the malware activates three malicious services, AdSmsService, BridgeProvider and PhoneService.
These service are used to communicate with a control server, from which it will download a configuration list to read related information and dial calls or send out SMS messages accordingly, incurring fees for the users.
To make things even more “interesting,” the malware also blocks messages from the network operator to prevent users from getting call logs updates in time so that all malicious activities are remain hidden to the user.
To avoid getting all kinds of malicious program, it is recommended to download apps from trusted sources, application stores and markets, and be sure to check reviews, ratings and developer information.
Installation of an anti-virus software is also recommended, as the program can be used to scan any third-party application.
Users should be aware what update or upgrade requests they accept, as they may contain viruses or malware.