The amount of malware crafted and aimed at Android devices is ever-increasing. With Android being the most popular platform for smartphones and tablets around the world, Android users have become the low-hanging fruit when it comes to writing malware by the nefarious users. A new Android threat has affected 500,000 devices in China so far.
Analysts at TrustGo Security Labs have discovered the Trojan!SMSZombie.A. It is a complex and sophisticated malware that exploits a vulnerability in the China Mobile SMS Payment System to fund unauthorised payments, steal bank card numbers and receipt information regarding money transfers. The trojan is difficult to detect, and even more difficult to remove.
SMSZombieA was first discovered on August 8, and the malware is embedded in several wallpaper apps. The wallpaper apps are noted to use provocative titles and nude images to encourage users to download. The trojan installs itself on a device after its user has downloaded and installed the app, making detection difficult. As a result, the wallpaper app is not flagged as malicious in the marketplace.
Further, the trojan can change the amount and timing of unauthorised charges; that way most times users don't know that they have been hacked. According to the information TrustGo Vice President of Engineering , the Trojan does not report back to a C&C server. In fact, the malware receives its orders from an ever-changing set of random phone numbers.
The malware can remotely control the infected device. It enables hackers to remotely control victims' mobile SMS payments system, allowing them to secretly authorize payments for amount and at any time. “Our guess is that these malware developers have some connection with these premium services,”.
Researchers have found that by using a configuration file, which can be updated by the makers of the malware at any time, it is possible for the malware to intercept and forward text messages. As SMSes sometimes include banking information and other financial details, the malware can wreak further havoc in user accounts.