The home of smartphones, China is currently facing a problem caused by malware that seeks access to users' SMS payment system. This new virus has affected over half a million smartphone users in China. It is able to make illegal payments through the Android app market. According to a TrustGo press release, this is not an Android 'virus' but a new trojan called Trojan!SMSZombie.A. It is a complicated and sophisticated piece of malware that exploits a vulnerability in the China Mobile SMS Payment System to generate illegal payments and steal bank card numbers and receipt details about money transfers.
This trojan is hard to detect, and even harder to remove, as the app does not itself contain malicious code. In China's largest Android marketplace, GFan, the malicious code was found on a wallpaper app. The trojan installs itself on a device only after the app has been downloaded and installed, which makes detection hard. Consequently, the wallpaper app is not flagged as malicious in the market. Additionally, the trojan can change the amount and timing of the illegitimate charges, so that most of the time users do not realize that they have been hacked.
Researchers at TrustGo found during their investigation that the malware is used to recharge the hackers' online gaming accounts through the China Mobile SMS Payment System. To avoid being caught, the amount charged is kept comparatively low. Once installed, the app is able to prevent the user from removing or disabling it. The blog post lists numerous packages that can contain this trojan, including com.ldh.no1, com.lzll.pic, com.xqxmn18.pic, com.gmdcd.pic, com.gsjnqt1.pic, com.zqbb1221.pic, and com.bntsxdn.pic.
Users are drawn to the wallpaper apps in which the malware is hidden by provocative titles and images. If a user sets one of these wallpapers as the device's wallpaper, the app then asks the user to install further files associated with the trojan. If the user says yes, it installs the payload, which is contained in a file named 'Android System Service'. After that, the malware goes after administrator privileges on the device. At that point, users find themselves unable to stop the step and deny the malware administrator access.
If users press the "Cancel" button, the dialog box keeps reappearing until they select the "Activate" option. Thus, users become unable to remove or disable the app. Researchers found that the malware is likely able to intercept and forward text messages by using a configuration file that the makers of the malware can update at any time. The malware can wreak more havoc on user accounts, as SMS messages sometimes contain banking and other financial information. With the Google Play Market blocked in China, users and developers need to look for options.
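For anyone triaging a device against the package names listed above, the following added example (not from TrustGo or the original article) parses the output of Android's `pm list packages` command, with or without `-f`, and reports exact matches. The function names and the sample listing are constructed for illustration.

```python
# Added example: the package names below are the ones listed in the article.
SMSZOMBIE_PACKAGES = frozenset({
    "com.ldh.no1", "com.lzll.pic", "com.xqxmn18.pic", "com.gmdcd.pic",
    "com.gsjnqt1.pic", "com.zqbb1221.pic", "com.bntsxdn.pic",
})


def parse_pm_list(output):
    """Extract package names from `pm list packages` / `pm list packages -f` output."""
    names = []
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # skip blank lines, warnings and other noise
        entry = line[len("package:"):]
        # With -f an entry is "<apk path>=<package name>"; the path may itself
        # contain "=", so the name is whatever follows the last "=".
        names.append(entry.rpartition("=")[2])
    return names


def find_listed_packages(output):
    """Return the installed packages that exactly match a listed name, sorted."""
    return sorted(set(parse_pm_list(output)) & SMSZOMBIE_PACKAGES)


# Constructed sample, in the shape of `adb shell pm list packages -f` output
# (hypothetical device; com.lzll.pic2 is a benign look-alike to show exact matching).
SAMPLE_LISTING = """\
package:/system/app/Browser.apk=com.android.browser
package:/data/app/com.lzll.pic-1.apk=com.lzll.pic
package:/data/app/com.lzll.pic2-1.apk=com.lzll.pic2
package:/data/app/~~Zm9v==/com.bntsxdn.pic-YmFy==/base.apk=com.bntsxdn.pic
package:com.example.notes
"""

if __name__ == "__main__":
    hits = find_listed_packages(SAMPLE_LISTING)
    for name in hits:
        print("listed package installed:", name)
    if not hits:
        print("no listed package names found")
```

A clean result only means none of these specific names is installed; the article describes the list as packages that can contain the trojan, not as a complete inventory.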