Originally showing up in a Chinese Android market, the SMSZombie malware can steal money through fraudulent SMS payments. It has apparently infected some half a million Android smartphones. A flaw has been detected in the China Mobile Android SMS Payment System, which would allow hackers to exploit it and steal money.
TrustGo announced the finding after looking inside different apps on the GFan Android Market and discovering the infected app, which attempts to take control of the device once installed.
“The SMSZombie virus has been hidden in a variety of wallpaper apps and attracts users with provocative titles and pictures. When the user sets the app as the device’s wallpaper, the app will request the user to install additional files associated with the virus. If the user agrees, the virus payload is delivered within a file called ‘Android System Service’,” the researchers at TrustGo wrote in an analysis.
The malware can send fraudulent payments back to the attackers via SMS, without the user’s consent. With control of the device, it can also enlist the device in a botnet, turning it into a zombie. That is why the malware is dubbed SMSZombie. Finally, the malware installs a configuration file, like any good botnet zombie would have, which can be updated at any time by the hackers.
Protect your device now with Kaspersky Mobile Security.
About 20 million Yen (close to $500,000 USD) was obtained through fake Android apps used by three top IT executives in Japan.
The main Android app was marketed as a video-playing application, and the download was commonly offered on adult websites. Many of the malware's operations amount to a basic trojan-style infection: stealing personal data and storing it on remote servers.
Approximately 9,000 users downloaded the app since December 2011. The names of these men and other information can be obtained here: yomiuri.co.jp/dy/national/T120614004390.htm
In Japan, it is a crime to create malware, as noted here (you’ll need Google Translate or a similar service if you cannot read Japanese).
This malware is being dubbed Android Security Suite Premium, or identified generically as Troj.AndroidSecSP.
It uses six command & control servers to help instigate its attack.
See all the research data from Kaspersky Lab:
Also, feel free to see the analysis from Symantec.
It is highly important to have some sort of antivirus protection for your mobile device. Get Kaspersky Mobile Security today!
Lately, mainly smartphone users have received SMS text messages offering a free Best Buy gift card. The link that appeared to lead to the Best Buy site actually led to a fake Best Buy site. The URL began with http://www.bestbuy.com; however, the rest of the hostname was fake. So, the full address in some cases could be a URL like http://www.bestbuy.com.fake.url.biz (fake.url is a placeholder used here for example only).
Do not click this link in your text message (or even email).
The text messages commonly received appear like the following:
Your entry in our drawing WON you a FREE $1,000 Best Buy Giftcard! Enter “123” at http://www.bestbuy.com.fake.url.biz to claim it and we can ship it to you immediately!
If you receive a text message or email such as this: IGNORE IT! You will save yourself TIME, MONEY, and even IDENTITY!
It is highly important to have some sort of anti-spam and antivirus protection for your mobile device. Kaspersky Mobile Security can block unwanted calls and texts from specified or unknown numbers and prevent spam and viruses from infecting your phone while you’re surfing the Internet. Get Kaspersky Mobile Security today!
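The lookalike-hostname trick described above, as an added example that is not part of the original post: a check that only looks at how a URL begins accepts the fake link, while a check on where the hostname ends rejects it. The function names and the trusted-domain list are assumptions made for this sketch, and the sample message reuses the post's placeholder URL.

```python
import re
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"bestbuy.com"}  # assumption: domains the brand really uses

# Sample SMS taken from the post; fake.url.biz is the post's placeholder.
SAMPLE_SMS = ("Your entry in our drawing WON you a FREE $1,000 Best Buy "
              "Giftcard! Enter \"123\" at http://www.bestbuy.com.fake.url.biz "
              "to claim it and we can ship it to you immediately!")


def hostname_of(url):
    """Lower-cased hostname without port or trailing dot ('' if none)."""
    if "://" not in url:
        url = "http://" + url  # links in texts are often written without a scheme
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def naive_is_trusted(url):
    """Flawed check: trusts anything that merely starts like the real site."""
    return url.lower().startswith(("http://www.bestbuy.com",
                                   "https://www.bestbuy.com"))


def is_trusted(url):
    """Host must equal a trusted domain or end with '.<trusted domain>'."""
    host = hostname_of(url)
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def is_lookalike(url):
    """True if a trusted domain appears as labels anywhere but the end."""
    if is_trusted(url):
        return False
    labels = hostname_of(url).split(".")
    for domain in TRUSTED_DOMAINS:
        want = domain.split(".")
        for i in range(len(labels) - len(want)):
            if labels[i:i + len(want)] == want:
                return True
    return False


def scan_sms(text):
    """Return (url, verdict) for every http(s) link found in a message."""
    results = []
    for url in re.findall(r"https?://\S+", text):
        verdict = ("trusted" if is_trusted(url)
                   else "lookalike" if is_lookalike(url) else "unknown")
        results.append((url, verdict))
    return results
```

The part of a hostname that determines who owns it is the right-hand end, so the comparison has to be made on whole labels from the right, never on the start of the string.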
Research at seCURE Connexion reveals the top Android Malware currently “trending” (had to use a trendy word). See below!
- Troj.Android-Smspacem – This malware baddie usually arrives as part of a re-packaged application (app) on the Android Store or can be obtained through SMS texting. The object of the malware is to change the wallpaper of the Home screen and then send out spam to all the people in the address book of the device. Many people on the other end receive messages from the affected phone. The messages often contain ramblings about “Jebus” and the “apocalypse”.
- Troj.BaseBridgeAndroid – This trojan is known to be installed without the user's knowledge, and steals sensitive data. When the stolen data is indexed, it is sent to a remote server. It also attempts to terminate certain applications, particularly 360 Mobile Safe. Know that it can also read your sent and received SMS text messages, and intercept incoming messages before they are delivered to the device’s inbox.
- Troj.FakeBattAndroid – This is a classic trojan, which acts like a Battery and CPU usage monitor…however, it gathers device data and sends it to a remote server.
- Troj.DDspyAndroid – This baddie is a fake Gmail app, and likes to hide in your App List instead of having a regular appearance. It likes to record SMS Texts, calls, voicemails, etc. It may get into GPS data very soon, which is a scary thought.
- Troj.StiniterAndroid – This new baddie attempts to change device settings and set the device up for remote connection, so data can be sent to their server. It also attempts to run your battery down by keeping the CPU from sleeping, disabling keyguard, and disabling the dimmer. It likes to send the command ACTION_BOOT_COMPLETED, which causes the device to boot slowly.
All in all, Android was built for security…right? Its Bouncer system is supposed to block bad apps. However, with clever cloaking and social engineering, a piece of malware can infiltrate the system and get past Bouncer. Read more about bypassing Bouncer.