The Apple iPhone may still be the gold standard when it comes to smartphones, but the Android platform has become the playground of choice for attackers and malware authors looking to make a quick buck. The latest example is a premium-rate SMS Trojan that not only automatically sends costly SMS messages, but also prevents users’ carriers from notifying them of the new charges.

The new piece of malware, which is known as HippoSMS, has been found in unofficial Android app markets in China. Researchers at North Carolina State University came across the HippoSMS malware in some alternative Android markets, and their analysis showed that the malware is set up in sort of a classic host-parasite fashion. The malware is embedded in a seemingly legitimate application in the market, and once users download and install that app, the fun begins.

“Our investigation shows that HippoSMS directly piggybacks the host app so that when the app is launched, it will immediately activate one service to send SMS messages to a hard-coded premium-rated number (1066******). After that, it registers one ContentObserver to monitor incoming SMS messages. Inside the ContentObserver, it will delete any SMS message if it starts with the number “10.” Note that the numbers such as 10086/10010 represent legitimate mobile phone service providers in China and are typically used to notify users about the services they are ordering and the information of users’ current balance of their mobile phone accounts. As a result, we believe the removal of the related SMS messages is used to hide the additional charges caused from the malware,” Xuxian Jiang, an assistant professor at NC State’s department of computer science, wrote in an analysis of the new malware.
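
A static triage check for the behaviour Jiang describes, added here as an example (not code from the NC State analysis): it flags an app whose decoded manifest and decompiled source combine SMS sending with observation and deletion of stored SMS messages. The sample manifest, package names and code snippet are constructed, and the chosen permission set and `content://sms` string matches are assumptions about how that behaviour would surface in an app.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: decoded manifest of a hypothetical repackaged host app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.hostapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.WRITE_SMS"/>
  <application>
    <activity android:name=".Main"/>
    <service android:name="com.example.extra.MsgService"/>
  </application>
</manifest>"""

# Constructed sample: text as it might appear in decompiled output.
SAMPLE_CODE = """
SmsManager.getDefault().sendTextMessage(NUMBER, null, body, null, null);
resolver.registerContentObserver(Uri.parse("content://sms"), true, observer);
if (address.startsWith("10")) resolver.delete(Uri.parse("content://sms/" + id), null, null);
"""

# Assumed code-level indicators, one per behaviour named in the analysis.
CODE_INDICATORS = {
    "sends_sms": re.compile(r"\bsendTextMessage\s*\("),
    "observes_sms_store": re.compile(r"registerContentObserver\s*\([^;]*content://sms"),
    "deletes_sms": re.compile(r"\.delete\s*\([^;]*content://sms"),
}

def triage(manifest_xml, code_text):
    """Return per-indicator booleans plus an overall 'suspicious' verdict."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID_NS + "name", "").rsplit(".", 1)[-1]
             for e in root.iter("uses-permission")}
    findings = {name: bool(rx.search(code_text)) for name, rx in CODE_INDICATORS.items()}
    findings["can_send"] = "SEND_SMS" in perms
    findings["can_modify_inbox"] = {"READ_SMS", "WRITE_SMS"} <= perms
    # Flag only the full pattern: SMS sending combined with inbox suppression.
    findings["suspicious"] = all(findings.values())
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_CODE))
```

An app that only sends SMS, such as a legitimate messaging client without the observer-and-delete logic, is not flagged by this check.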

This is just the latest in a series of similar incidents in which attackers and scammers have inserted either outright malicious apps or seemingly benign apps containing malware into app markets. Most of the attacks have targeted Android users, and several times Google has had to remove malicious apps from the official Android market. Just last month, Jiang identified another malware outbreak in the Android Market in which a piece of malware called Plankton was found in at least 10 apps. Google removed those apps from the market.

Perhaps the most infamous incident, though, was the DroidDream malware attack, in which dozens of apps in the Android Market were infected with the DroidDream Trojan and tens of thousands of users downloaded the apps, compromising their mobile devices. Google not only removed the apps from the market in those cases, but also used a little-known capability to remotely remove the malicious apps from users’ phones.

Jiang said that the new HippoSMS malware appears to affect only users in China at the moment. SMS Trojans such as HippoSMS that send stealthy texts to premium-rate numbers have become a serious problem in many European and Asian countries, including Russia, China, Ukraine and others. They haven’t made an incursion in the United States yet, but the day is young.

Categories: Malware, Vulnerabilities

Comments (7)

  1. John P. Guckel - Kaspersky Partner

    Well, didn’t we all know that people that have intentions, such as hackers, like to prey on the unsuspecting? Apple users have been “Duped” into thinking that if you buy an Apple you are bullet proof. And now the mobile phone market is in the same category. I’m not surprised at all.

  2. Jesse Chisholm

    So, when will the App Store upload processes have malware scanners built in? Something like Avast or AVG or ClamShell, or McAfee, or Norton, or F-Secure, or …..

  3. Ketch

    The criminal mind works in the strangest ways.

    Let’s see, you are smart enough to create a subversive Android app.
    Only stupid enough to transfer the money to an account associated with you.

    I don’t know on which part of the planet you intend to live, because the most incompetent rookie police officer will find your name, bank account and social security number within minutes, without leaving his desk.

    In fraudster school lesson 1 is: Whatever scheme you concoct, make sure there are no computers involved. Because the computers Banks and Telephone companies deploy register flawlessly and never forget.

  4. Brandon

    The fact of the matter is that just like in the case with PC’s and Laptops, Mobile smartphones are prone to virus attacks and spam mail attacks. In researching the most successful tool to protect and combat these attacks, and from latest testing, the recommended product is BullGuard – check out – they appear to have received the Best Test awards against all the other A/V companies out there.

  5. Anonymous

    this latest is in some unnamed third-party market in china. although there were a couple of malware that got into google’s marketplace for a short time by and large most of these highly reported malware incidents are in third-party markets. if you have android get an antivirus app and only download from google or other reputable marketplaces.


  6. Anonymous

    If you want to use a computer as a phone, you need a phone provider that works like an ISP. In other words, you should NOT be able to run up charges simply by typing in a phone number – you should pay one monthly fee period. That way the viruses won’t be financially devastating, provided you have the sense to keep your financial data off the phone like you’d keep it off a computer.
