Malware Alert: SMSZombie Steals from Android Users
YNOT EUROPE – Android mobile device security recently became compromised by a new form of malware security professionals are calling SMSZombie. The malware has the ability to steal money from users by processing fraudulent SMS payments. The bug has infected more than 500,000 victims, according to researchers.
The first detected instances of SMSZombie were hidden inside apps on the Chinese Android Market.
According to analysis by mobile device security firm TrustGo, “The SMSZombie virus has been hidden in a variety of wallpaper apps and attracts users with provocative titles and pictures. When the user sets the app as the device’s wallpaper, the app will request the user to install additional files associated with the virus. If the user agrees, the virus payload is delivered within a file called Android System Service,” enabling the attacker to steal money from unwitting device owners.
Once the virus’ files are installed, the malware payload embeds itself in a way that makes removal difficult.
“Once installed, the virus then tries to obtain administrator privileges on the user’s device,” TrustGo’s analysis noted. “This step cannot be canceled by the user, as the ‘Cancel’ button only reloads the dialog box until the user eventually is forced to select ‘Activate’ to stop the dialog box. These privileges disable users’ ability to delete the app, causing the device to return to the home screen even after choosing to uninstall the app.”
So far the software seems to operate only on the China Mobile SMS payment system — where it exploits a specific design flaw allowing the software to initiate payments without informing the mobile device’s owner — but experts warn that malware frequently mutates to attack additional channels.
As Android devices continue to gain market share, the lure for malware attackers will continue to rise. The open-source nature of Google’s Android operating system presents security challenges not inherent in closed systems. Since many of the stolen funds consist of micro-payments to online gaming providers and other seemingly innocuous charges, Android users are being warned to investigate all recent billing activity.
Comments are closed.