
New virus targets Android, makes unauthorized payments


A new virus targeting devices running Google's Android platform not only steals bank card numbers and money transfer information, but also generates unauthorized payments.

Dubbed SMSZombie.A, the virus exploits a vulnerability in the China Mobile SMS Payment process to make such payments, security vendor TrustGo Security Labs said.

"The SMSZombie virus has been hidden in a variety of wallpaper apps and attracts users with provocative titles and pictures. When the user sets the app as the device’s wallpaper, the app will request the user to install additional files associated with the virus. If the user agrees, the virus payload is delivered within a file called 'Android System Service,'" it said.

It added that this virus has been used to recharge online gaming accounts via the China Mobile SMS Payment system, charging the victim’s account a relatively small amount to escape detection.

TrustGo added that the virus has some features that make it difficult to detect and eradicate:

- The malicious code is added to users’ devices after downloading and installing the app, so the apps themselves do not have malicious markers in the marketplace.
- The amount and timing of unauthorized charges can be changed at any time by the malware makers, so users are often unaware that they have been hacked.
- Once installed, the virus is able to disable users’ ability to delete it.

SMSZombiePay was found on China’s largest mobile app marketplace, GFan, and has been identified in the following packages:

- com.ldh.no1
- com.lzll.pic
- com.xqxmn18.pic
- com.gmdcd.pic
- com.gsjnqt1.pic
- com.zqbb1221.pic
- com.bntsxdn.pic

Once installed, the virus then tries to get administrator privileges on the user’s device. Attempts by the user to cancel the process by tapping the “Cancel” button only reload the dialog box until the user eventually is forced to select “Activate.”

The privileges disable users’ ability to delete the app, causing the device to return to the home screen even after choosing to uninstall the app.

The malware can also intercept and forward a variety of SMS messages.

"Because these messages often include banking and financial information, users' accounts can easily be hacked further," TrustGo said.

A separate article on tech site TheNextWeb.com said up to 500,000 devices may have been infected.

"While that’s a drop in the ocean for China Mobile’s 683 million subscribers, it has the potential to make a large number of unauthorized transactions and cause trouble and annoyance for many," it said.

- BM, GMA News