Smartphones are on the rise in China. With a billion mobile phones, a fast-growing proportion of which are smartphones, this mobile ecosystem is ripe for the picking for malicious hackers. According to an assessment from a security company, almost half a million smartphones in the country have been infected by an SMS payment malware coming from Android app marketplaces.
Google Play is banned from within the so-called Great Firewall of China. As such, Chinese Android users would usually get apps from third-party app stores. However, anti-virus company TrustGo says it has identified a piece of malware capable of sending premium SMS numbers and accessing financial information on infected phones.
The malware is dubbed Trojan!SMSZombie, and has been proliferating in apps found on GFan, one of the more popular app stores in China. 500,000 is a very small proportion of the billion or so mobile users in the country (just .05%), but the potential for harm is great, given its ability to access banking information.
TrustGo says the trojan hides in a variety of wallpaper apps, mostly with provocative titles and photos. The app will request to install additional files supposedly associated with the app, but will actually download and execute a payload within a file called “Android System Service.”
This process will then obtain admin privileges and then subsequently take over the phone’s SMS capabilities. TrustGo has offered removal instructions for anyone infected.