SMSZombie, malware that originally showed up in a Chinese Android market, has the ability to steal money through fraudulent SMS payments. It has apparently infected some half a million Android smartphones. A flaw has been detected in the China Mobile Android SMS Payment System that would allow hackers to exploit it and steal money.
TrustGo announced the finding after taking a look inside different apps on the GFan Android Market, where it discovered the infected app, which attempts to take control of the device once installed.
“The SMSZombie virus has been hidden in a variety of wallpaper apps and attracts users with provocative titles and pictures. When the user sets the app as the device’s wallpaper, the app will request the user to install additional files associated with the virus. If the user agrees, the virus payload is delivered within a file called ‘Android System Service’,” the researchers at TrustGo wrote in an analysis.
The malware can send fraudulent payments to the attackers via SMS without the user’s consent. Because it can control the device, it can also enroll the device in a botnet, turning it into a zombie. That is why the malware is dubbed SMSZombie. Finally, the malware installs a configuration file, like any good botnet zombie would have, which the hackers can update at any time.
With Black Hat and other conferences coming up soon, a lot of the discussion is going to be about mobile security. Ever since the rise of many mobile trojans on the Android Market and the downfall of the Mac OS X, mobile security has been an issue among white hats, black hats, researchers, etc. One thing’s for sure: the market for mobile malware is growing.
Google’s new smart tool, Bouncer, the security watchdog for the Android Market (or Google Play), draws on all the aggregate data on mobile threats. It has been adopted as an effective countermeasure against Android malware. However, having significant countermeasures in place does not necessarily mean being able to block all threats. Don’t underestimate the psychology of these situations… the fact is that security measures can and will be broken eventually. Therefore, Google must keep evolving the methods used in Bouncer to cover more future attack vectors.
Many black hats have been discussing the possibility of targeting mobile security and other vulnerabilities related to Bouncer, and even other measures for breaking security on mobile devices and getting into the Market. One of the additional tests black hats are interested in doing is comparing the security of the Android OS versus iOS. iOS is getting more updates for security holes. But how does the quality of the patches compare? Is it better to be like the Google Android OS Team and release larger updates, or updates in bulk, or to be like the Apple iOS Team and release smaller, more manageable updates? It’s all speculation on the black hat scene.
Here are the upcoming black hat conferences:
Black Hat USA: Occurring now – July 21-26, 2012
DefCon: July 26-29, 2012