Originally showing up in Chinese Android Market, this SMSZombie malware has the ability to steal money in fraudulent SMS payments. It has apparently infected some half-a-million Android smartphones. A flaw has been detected in the China Mobile Android SMS Payment System, which would allow hackers to exploit it and steal money.
Announced by TrustGo, they had a peek inside different apps on the GFan Android Market, and discovered the infected app, which attempts to take control of the device once installed.
“The SMSZombie virus has been hidden in a variety of wallpaper apps and attracts users with provocative titles and pictures. When the user sets the app as the device’s wallpaper, the app will request the user to install additional files associated with the virus. If the user agrees, the virus payload is delivered within a file called ‘Android System Service’,” the researchers at TrustGo wrote in an analysis.
The malware has the ability to send fraudulent payments back to the attackers via SMS, without the user’s consent. With the ability of controlling the device, it can also set the device up for botnet, turning it into a zombie. That is why the malware is dubbed SMSZombie. Finally, the malware installs a configuration file, like any good botnet zombie would have, which can be updated at any time by the hackers.