A nasty new piece of malware that has the ability to steal money from users via fraudulent SMS payments has shown up in a Chinese Android market and researchers say it’s infected more than 500,000 victims. The SMSZombie malware is being hidden inside apps on the app market and once it’s on a device it has the ability to prevent users from uninstalling it.

The SMSZombie malware targets Android devices and uses a flaw in the SMS payment system used by China Mobile to forward payments to the attacker without the user’s knowledge. Researchers at TrustGo, a mobile security company, found that the malware is hiding inside of various apps on the GFan Android market in China and once users download an infected app, the SMSZombie malware attempts to gain administrator-level privileges on the device.

“The SMSZombie virus has been hidden in a variety of wallpaper apps and attracts users with provocative titles and pictures. When the user sets the app as the device’s wallpaper, the app will request the user to install additional files associated with the virus. If the user agrees, the virus payload is delivered within a file called ‘Android System Service’,” the researchers at TrustGo wrote in an analysis.

“Once installed, the virus then tries to obtain administrator privileges on the user’s device. This step cannot be canceled by the user, as the ‘Cancel’ button only reloads the dialog box until the user eventually is forced to select ‘Activate’ to stop the dialog box. These privileges disable users’ ability to delete the app, causing the device to return to the home screen even after choosing to uninstall the app.”

Mobile malware of this kind is becoming increasingly common as attackers focus on going after users on whatever device they use the most, and for many people these days, that means mobile phones.

SMSZombie is designed to steal money from users by sending SMS payments to the attackers. The malware has the ability to send payments without the user’s knowledge and can send them at random intervals and for whatever amount the attacker chooses. SMSZombie includes a configuration file that the attacker can update remotely, as well.

“Using a configuration file that can be updated by the malware maker at any time, the malware can intercept and forward a variety of SMS messages. Because these messages often include banking and financial information, users’ accounts can easily be hacked further,” TrustGo said.

“It has been confirmed that this virus has been used to recharge online gaming accounts via the China Mobile SMS Payment system. Commonly, the victim’s account is charged a relatively low amount to escape detection.”


Comments (6)

  1. Independent

    This is ANDROID! The NOT READY FOR PRIMETIME rape the users operating system from GOOGLE, the hackers dream OS!

    The problem is Google… Haven’t we all read the security breaches coming from Google in the past weeks? I’m one who triumphs the razor’s edge of security software especially from KIS, but an OS this stacked against any possibility of securing anything on a Google Android is pretty near impossible. The “perfect” operating system designed to frustrate any user ability to prevent data theft of any kind! In my opinion, the greatest swindle of users worldwide in our times.

    It’s not very hard to see easily what GOOGLE is all about…  “ANDROID”, the gateway to unlimited users data. IMHO

  2. Anonymous

    Another day and another FUD article from a company that makes their money by selling antivirus software.

  3. Anonymous

    Not ready for primetime? You sir are a moron. Google is very on top of their security. Android is the most popular mobile platform out there. As with every platform there are going to be exploits discovered. I’m sure they are already testing a fix.


    Poster 1, iPhones are for weenies who feel safe confined to a limited amount of options and compatibility. Your iPhone is a phone. My Razr is a pocket computer. Ever try to play downloaded music on an iPhone? Works just fine as long as you sync it to iTunes on your computer and then push it back to the phone. Me, I just create a folder wherever I want and click the file. Having experience with most of the mobile platforms including iThings, Droid, BBerry and Microsoft’s mobile OS for the visually inept (what’s with all of the GIANT tiles anyways?) Android is the best mobile OS in existence. iThings are second and initially more user friendly, but I run into way too many Apple empire limitations to recommend one to anyone.

  4. Anonymous

    They can’t post a fix, because they have no control over their OS. Unlike Apple who can update their iOS and push it out to the users. Android is a mess with a different version on almost any phone you pick up. I have two Android devices that are 6 months old, and neither can be updated to Jelly Bean at this moment. All my iOS devices are running iOS 5.
