New Android Malware Discovered in China Unofficial Markets

July 15, 2011

A research team led by Assistant Professor Xuxian Jiang of North Carolina State University’s Department of Computer Science discovered a new piece of Android malware on July 10. According to Jiang, the research team found 4 instances of the malware, called HippoSMS, in alternative Android markets in China.

Users whose Android devices have been infected by the malware will unknowingly incur additional phone charges. HippoSMS sits hidden in a host app, and when the host app is run, HippoSMS sends SMS messages to a premium number. HippoSMS also monitors incoming text messages and deletes any message coming from numbers beginning with “10.” The notification services of most mobile phone networks in China typically begin with the number “10.” Consequently, users who have HippoSMS on their Android devices will not know the current balance of their mobile phone subscriptions.

Jiang’s team immediately coordinated with other research labs and mobile antivirus/security companies for signature extraction so that antivirus and antimalware scanners can successfully detect HippoSMS in apps where it is present.

So far, however, the malware appears to be localized in China and seems to target only China-based users. Jiang reports not finding the malware in the official Android Market. Jiang nevertheless reminds Android users of basic guidelines for security when using an Android device:

  • downloading and installing apps only from reputable sources
  • checking reviews, ratings, and developer information before deciding to install an app
  • checking the permissions an app requests and deciding whether you are comfortable granting them
  • being alert to the device’s odd behavior
  • installing security software on the device

Although these guidelines are not completely fool-proof, they do help minimize the spreading of malware on Android.
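The permission check in the guidelines above can be automated for the behaviour described here: an app that can both send SMS and intercept incoming SMS. The following is an added example, not code from Jiang's team or from the malware; it assumes the manifest has already been decoded to text XML, and the permissions HippoSMS actually requests are not stated in this article, so the sample manifest and the package name `com.example.hostapp` are constructed.

```python
import xml.etree.ElementTree as ET  # manifest is untrusted input; prefer defusedxml in production

ANDROID = "{http://schemas.android.com/apk/res/android}"
SEND = "android.permission.SEND_SMS"
INTERCEPT = {"android.permission.RECEIVE_SMS", "android.permission.WRITE_SMS"}
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"

def audit_manifest(xml_text):
    """Flag SMS capabilities declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    findings = []
    if SEND in perms:
        findings.append("can send SMS (possible premium-rate charges)")
    intercept = sorted(perms & INTERCEPT)
    if intercept:
        findings.append("can read or modify incoming SMS: " + ", ".join(intercept))
    # A receiver registered for incoming SMS sees messages as they arrive;
    # a high priority means it runs before the default messaging app.
    receivers = []
    for recv in root.iter("receiver"):
        for flt in recv.iter("intent-filter"):
            actions = {a.get(ANDROID + "name") for a in flt.iter("action")}
            if SMS_ACTION in actions:
                prio = int(flt.get(ANDROID + "priority", "0"))
                receivers.append((recv.get(ANDROID + "name"), prio))
                findings.append(f"receiver {recv.get(ANDROID + 'name')} "
                                f"handles incoming SMS at priority {prio}")
    suspicious = SEND in perms and bool(intercept or receivers)
    return {"suspicious": suspicious, "findings": findings, "receivers": receivers}

# Constructed sample manifest (not taken from a real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.hostapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".SmsWatcher">
      <intent-filter android:priority="1000">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    for line in audit_manifest(SAMPLE)["findings"]:
        print(line)
```

A hit is a reason to look closer, not a verdict: legitimate messaging apps request the same permissions, so the result should be weighed against what the app claims to do.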

Do you follow these basic security guidelines? What extra steps do you take to ensure your phone and its data are safe and secure?
