Chinese Android users warned against “Bill Shocker” malware, 620K devices infected

January 31, 2013
39 40 6

android malware

Chinese users are warned against malware circulating around app repositories that hijack the smartphone’s messaging system to send spam messages. Dubbed “Bill Shocker,” the advisory on the malware was made by security research firm NQ Mobile, which runs RiskRanker. The firm said the malware is capable of sending mass SMS from the infected device. Other potential threats include the ability of the hacker to remotely control the device, as well as steal personal information, such as contacts.

The Next Web reports that the malware disguises itself as apps popular in the country, including Tencent QQ messenger and Sohu news. To date, the malware is estimated to have infected 620,000 Android-powered devices already. NQ Mobile says these were likely to have been distributed through side-loading of applications and downloading from untrusted app repositories. Once the infected apps are installed, Bill Shocker will download the malware in the background.

There are a few concerns here, of course. While security researchers would often argue that downloading from the official app repository is the best way to combat malware, this may not necessarily be the case in China, because of the fact that Google Play is banned from within the country. As such, Chinese users usually resort to alternative application stores like MIUI, GFan and Wandoujia, which are available from within the country. And when users have difficulty downloading Android apps from these marketplaces, then the alternative would be to side-load the apps by copying and running the APK. This is compounded by the fact that users are not usually keen on double-checking the permissions that apps request upon install.

Still, even with the 620,000 infected smartphones, it’s only a drop in the bucket, considering China’s 1 billion mobile phones overall (with about 250 million being Android smartphones). It’s interesting to note, though, how fast malware like these could spread if not monitored. NQ Mobile has a few recommendations to prevent your Android device from being infected by malware. This is not only limited to China, nor the “Bill Shocker” malware, but the potential risk in getting infected in general:

  • Install only from official application marketplaces. In the case of Android users worldwide, there’s Google Play Store and the Amazon AppStore. Chinese users will have to opt for their more reputable alternatives.
  • Don’t accept app requests from unknown sources.
  • NQ Mobile also recommends installing anti-malware or security apps that try to detect malware in other apps. The company offers its own tool for removing Bill Shocker and other malware.
  • When downloading or installing apps, double check the permissions. If there are permissions you don’t expect (like a game requesting access to SMS or calling features), then be doubtful.

Again, any platform is vulnerable, although Android’s rising market share and sales numbers make it the biggest target for malware makers. It helps to be smart when installing and running apps. But when in doubt, anti-malware apps are also helpful.

Comments

  • yungqb7

    A little bit of common sense is key with anything people

  • fatyss

    we are in post pc era but still we have install anti viruses on the device , i think this is just a beginning of this.

  • ranger

    well, why ban Google Play Store in the first place…
    they’re digging their own grave

    • Erick

      they have their own “google play” like MIUI store.

  • Ignacio Martín

    Their app stores are full of pirated apps.

  • intvidia

    No problem if not sideloading apps, as usual. Nothing of concern to the international android user here, move on.