TrustGo, a Santa Clara-based mobile security company that provides a security platform for Android smartphones and tablets, has revealed that its TrustGo Security Labs has discovered a new and extraordinarily aggressive virus in China’s largest Android marketplace, GFan. Named Trojan!SMSZombie.A, the virus gives hackers remote control over victims’ mobile SMS payment systems, allowing them to covertly authorize payments in any amount and at any time they wish.
This new virus is also noteworthy because it includes self-protection mechanisms that make it difficult to eliminate. Since its discovery on 25 July, the virus has been found in 7 apps in Chinese Android markets and has infected more than 500,000 users. This virus’ aggressiveness and advanced capabilities are believed to be a significant threat.
SMSZombie.A is distributed in popular live wallpaper apps and hides its viral payload by prompting users to accept additional files after installation. When users are tricked into taking this action, the malicious app displays a prompt to activate a new service that cannot be cancelled, and upon acceptance it then installs the code and disables users’ ability to easily delete it.
Thus far, a number of provocatively named apps on www.GFan.com have been infected with SMSZombie. These include an app titled “Android Animated Screensaver: Animated Album I Found When I Fixed My Female Coworker’s Computer” as well as others with similar titles.
“By waiting to deliver malicious code until after installation, this virus is difficult to detect,” said Xuyang Li, CEO of TrustGo. “Sophisticated malware like this highlights the fact that the openness of the Android platform is a double-edged sword… Users are able to access an amazing breadth and variety of apps, but must take precautions to ensure the apps they want have not been compromised by hackers. Using TrustGo’s patent-pending Secure App Finder Engine™ (SAFE) Technology to pre-screen apps is the only way to avoid infection from SMSZombie.A, the virus we discovered in early July known as MMarketPay.A, and thousands of other dangerous viruses.”
The company suggests that to identify whether a device has been infected with this new and dangerous virus, users should download their TrustGo Antivirus and Mobile Security™ app. For a detailed description of this new virus visit http://blog.trustgo.com/SMSZombie. For complete instructions on how to permanently eliminate all remnants of the virus code, visit: http://www.trustgo.com/en/SMSZombie-eliminate.
To be honest, here at Contactless Intelligence, we expect to see a lot more of these mobile payment viruses. It’s an inevitable start of things to come as mobile payments become more widespread (either via SMS or NFC) and the mobile smartphone becomes a ubiquitous and essential product. It may be easier to start writing malicious code for the Android market thanks to their open source approach, but how much longer before it enters even the closed walls of the iPhone?