Print 36 comment(s) - last by Nutzo.. on Aug 21 at 2:06 PM

Malware is stubborn and hard to remove

Since July, a new strain of malware has been attacking Android smartphones in China.  Dubbed SMSZombie.A, the malware spreads by wallpaper apps on China's largest apps marketplace, GFan.

The apps come with alluring titles, such as "Android Animated Screensaver: Animated Album I Found When I Fixed My Female Coworker's Computer".  

When the user sets the in-app wallpaper as their selected wallpaper, they receive a prompt requesting to download additional files.  Those files are a malware packaged dubbed "Android System Service".  Once installed, that package request administrative privileges, repeatedly popping up the dialogue until the user accepts.

As with various text message scams in the U.S., sending and receiving messages from premium SMS numbers make the bulk of the profit from the malware.  As carriers receive a cut of the profits from premium SMS messages, some carriers have been unwilling to block abusive premium SMS entities, even if it means their customers are being ripped off.  

The new Android malware is particularly clever as it deletes receipts from premium SMS services, disguising the fees from the user.  Researchers suspect the malware may also be attempting to steal bankcard numbers and money transfer receipt details.

SMS Zombie
The SMSZombie malware acts a malicious Trojan [Image Source: TrustGo]

So far 500,000 Android smartphones in China have been infected by SMSZombie, according to TrustGo, a mobile security firm.

As the actual wallpaper apps contain no direct malware, they are hard for mobile antivirus software to detect.  They also reportedly are resistant to removal.

Android malware is most prevalent in China, where poorly regulated third party applications markets dominate the Android software space.  Such markets are oft rife with pirated and malicious applications [1][2][3].

In the last quarter approximately 34 million Android smartphones shipped to the Chinese market, according Canalys [source].  The biggest player is Samsung Electronics Comp., Ltd. (KSC:005930), who is shipping close to 10 million units a quarter to the world's biggest smartphone market.  Huawei Technologies Comp. (SHE:002502and HTC Corp. (TPE:2498) also command large Android sales in the market.

Source: SMSZombie

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Yeah, well
By kleinma on 8/20/2012 2:40:16 PM , Rating: 5
Any sophisticated device that holds such access to one's personal data needs to be respected though. iPhone users can't just assume everything will always be safe and secure because Apple says so and acts as gate keeper. There have already been numerous iOS/OSX flaws exploited, perhaps not the extent of Android, but they do exist. Security through obscurity is never a good solution, and users of any platform need to understand what they are doing.

RE: Yeah, well
By Tony Swash on 8/20/12, Rating: 0
RE: Yeah, well
By chris2618 on 8/20/2012 4:15:03 PM , Rating: 2
"vastly reduced price for software"

Are you kidding, most are only worth a couple of quid if that and the vast majority of games are nothing better than internet flash games which are free.

RE: Yeah, well
By Reclaimer77 on 8/20/2012 4:23:31 PM , Rating: 3
In Tony's mind, without Apple we would be paying $60 for mobile apps lol.

The idea that Apple has ever been about "reduced prices" made me shoot Coke through my nose.

RE: Yeah, well
By Argon18 on 8/20/12, Rating: -1
RE: Yeah, well
By Reclaimer77 on 8/20/2012 4:37:27 PM , Rating: 4
$29 OSX upgrades? Microsoft wants $129 or more.

Nice try. Those OSX "upgrades" amount to a Windows Service Pack, which last time I checked was free.

Also since OSX only runs on Apple hardware, which is always overpriced, meh.

Sounds like you've been drinking too much of that Coke then.

Better than the Kool Aid you're gorging on.

RE: Yeah, well
By kleinma on 8/20/2012 4:37:43 PM , Rating: 3
Lets not confuse OS upgrades with Service Packs.

.99 cent apps were not groundbreaking with the iPhone, what are you smoking? I was buying .99 cent apps written for BREW on Verizon Wireless dumb phones before Apple even made the iPod.

They didn't pioneer shit. They simply wrap up what everyone else is doing in a neat little package and call it revolutionary, and you and Tony gulp their koolaid without question.

RE: Yeah, well
By Tony Swash on 8/20/12, Rating: 0
RE: Yeah, well
By wordsworm on 8/20/2012 7:59:54 PM , Rating: 2
I don't agree that Apple was the first. Ubuntu beat them all to it, except that their apps are free.

RE: Yeah, well
By bug77 on 8/20/2012 4:58:25 PM , Rating: 1
From time to time people grow tired of democracy, too. Not many good things come out of that.

RE: Yeah, well
By Argon18 on 8/20/2012 4:36:11 PM , Rating: 2
First of all kleinma, you're confusing the issue here. The issue is not exploiting security flaws. The issue is malware. Trojans. Things that look innocent at first glance, but are really malicious, and are designed to trick the user into installing them or agreeing to them. This problem is non-existant on Apple devices. Period.

Second of all, calling iOS "security through obscurity" is about as far from reality as one can get. OSX, iOS, Linux, are all unix-like OS's that are mostly or entirely based on Open Source code. Microsoft is the only one with the closed source obscurity-security model. Every one else is open via open source code. Hiding your source code is the ultimate in obscurity based security.

RE: Yeah, well
By Nutzo on 8/21/2012 2:06:44 PM , Rating: 2
So, again, this is a problem unique to Android in that it so easily allows users to install just about anything they want.

Which is one of the main reasons I bought an Android phone.
Need more storeage space - just add an SD card (at least with Samsung)
Have some non-authorized apps (like emulators) you'd like to run - no problem.

"If you can find a PS3 anywhere in North America that's been on shelves for more than five minutes, I'll give you 1,200 bucks for it." -- SCEA President Jack Tretton

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki