A new family of malware has infected some 100,000 Android devices via malicious application downloads on nine separate third-party markets in China, according to researchers at the mobile security provider TrustGo.
The researchers are calling this strain ‘Trojan!MMarketPay.A@Android’ (‘MMarketPay.A’), and it’s a sort of SMS scam monetized by automatically placing fraudulent orders on users’ accounts without their consent.
The malicious application has been found repackaged as com.mediawoz.goweather, com.mediawoz.gotq, com.mediawoz.gotq1, cn.itkt.travelskygo, cn.itkt.travelsky, com.funinhand.weibo, sina.mobile.tianqitong, and com.estrongs.android.pop in the following Chinese and, in at least one case, Japanese Android markets: nDuo, GFan, AppChina, LIQU, ANFONE, Soft[dot]3g[dot]cn, TalkPhone, 159[dot]com, and AZ4SD.
‘MMarketPay.A’ exploits customers of China Mobile’s Android market, which is aptly named Mobile Market. The trojan places orders on infected devices, the orders are paid for through Mobile Market’s SMS-based payment system, and China Mobile later adds them to the customers’ bills.
TrustGo claims that China Mobile is one of the largest wireless providers in the world.
TrustGo encourages users to run a mobile security application and advises them to avoid downloading apps from third-party markets altogether. You can find TrustGo’s full report here.