According to Mobile security researchers, they have recently discovered a new type of  Trojan targeting Android OS, this Android malware has the ability to automatically place orders on behalf of users for paid content and apps from the Mobile Market and cause  high phone bills. This malware is named as [email protected]

According to Mobile security firm TrustGo explained that the MMarketPay.A Trojan could be hidden in a number of legitimate-looking applications and this virus is already found in 9 popular  Android app stores in China and so far,  more than 100,000 Android devices are infected.


How does the new Trojan it work?

Once the user downloads the malicious app, the Trojan inside it gets activated and, in this particular case, starts placing orders for paid apps and other mobile items at China Mobile’s official online store, Mobile Market. It goes without saying that the infected user is kept in the dark about the process. As if that wasn’t enough, the Trojan has other “skills” as well:

 

  • Intercepting the verification SMS sent by China Mobile, and entering the verification code to the Mobile Market online store.
  • Sending the CAPTCHA code image – triggered at this stage – to a remote server for someone to decipher the code.

MMarketPay.A may arrive as repackaged applications with the following package names:

  • com.mediawoz.goweather
  • com.mediawoz.gotq
  • com.mediawoz.gotq1
  • cn.itkt.travelskygo
  • cn.itkt.travelsky
  • com.funinhand.weibo
  • sina.mobile.tianqitong
  • com.estrongs.android.pop

MMarketPay.A may arrive as repackaged applications with the following package names:

com.mediawoz.goweather
com.mediawoz.gotq
com.mediawoz.gotq1
cn.itkt.travelskygo
cn.itkt.travelsky
com.funinhand.weibo
sina.mobile.tianqitong
com.estrongs.android.pop

This virus is already found in following 9 China markets:

nDuoa http://www.nduoa.com
GFan http://www.gfan.com
AppChina http://www.appchina.com
LIQU http://www.liqucn.com
ANFONE http://www.anfone.com
Soft.3g.cn http://www.soft.3g.cn
TalkPhone http://www.talkphone.cn
159.com http://soft.159.com
AZ4SD http://www.az4sd.com

How to avoid ?

We recommend Android users only download apps from trusted app stores and download a mobile security app which can scan malware in real-time.

China Mobile Limited is one of the largest wireless providers on the planet and has more than 600 million users. Currently, the majority of mobile malware is found in applications that originate from and attack third-party markets in China and Russia. The main source of Android-specific malware is the cloning, repackaging and change of popular apps with intentionally malicious code.

Last week Google  removed the Russian-language Find and Call app from their respective stores last week, following a tip-off from Kaspersky Labs that it was stealing users’ phone books and spamming their contacts.