ID: IRCNE2012081590
Date: 2012-08-21
According to "techworld", reports have emerged from China of an ingenious new backdoor Android malware attack that has infected hundreds of thousands of subscribers and can prove difficult to de-install without technical support.
Dubbed Trojan!SMSZombie.A (‘SMSZombie’ for short) by one of the companies reporting on it, the malware is said to have spread through the largest Chinese Android marketplace.
The innovation is the use of a backdoor to install itself before the payload is downloaded. This makes detection harder, said the company that detected it, TrustGo.
The malware becomes active once it has been selected as the smartphone’s wallpaper, after which it asks to download additional files in the form of what claims to be an ‘Android system service.’
It then asks for administrator privileges (pressing the cancel button for this request simply throws up a dialog box each time), after which the user cannot disable the app using Android’s ‘uninstall app’ function.
Beyond the fact that the criminals have control of the device and can intercept messages, the purpose is to defraud the user of money via payments exploiting an unspecified flaw in the China Mobile SMS Payment System.
The malware was noticed as long ago as 25 July, and TrustGo said that it believed the malware had infected more than 500,000 smartphones.
SMSZombie is unlikely to affect subscribers in countries such as the US and UK, but its design indicates that attackers are thinking of ways to beat new layers of security added to protect Android systems.
SMSZombie can be de-installed manually by following the instructions posted by TrustGo.