Think Information. Think Security.
 
"MMarketPay.A" is a mobile virus capable of racking up large bills on Android-based phones in China. It has affected more than 100,000 devices and nine app stores in the country.

The malware can order content from Mobile Market (M-Market), the app store run by the 660 million subscriber-strong China Mobile: users download infected apps and then accumulate bills from M-Market. Once it makes its way to a device, MMarketPay.A can bypass the SMS security step used by the world's largest operator in order to log in, download content and place orders without the knowledge of unsuspecting mobile phone owners. That includes premium paid-for video content, which the virus is able to search, play and download without the knowledge of device owners.

The mobile security firm TrustGo identified this virus and found evidence that it has already infected content in the following third-party app stores: nDuoa, GFan, AppChina, LIQU, ANFONE, Soft.3g.cn, TalkPhone, 159.com and AZ4SD. This isn't the first Android-targeting virus to have emerged in China, however: as recently as January, a similar bill-racking virus called ‘MSO.JPApps’ began to spread outside of China following a warning from security firm NetQin.

The M-Market store had more than 149 million registered users, who make 30 million downloads each month. Last year, the store’s revenue hit $3.6 million (23 million yuan), and December saw China Mobile announce plans to open the store to subscribers from other carriers in China.

The TrustGo team explains how the regular M-Market payment system works, and how the virus can hijack it: Customers log in at the M-Market website (http://mm.10086.cn/); if CMWAP is used as the access point, no login is required.

[The virus] MMarketPay.A can place orders via the M-Market payment system automatically:
1. Changes the APN to CMWAP, so that it can log in to M-Market automatically;
2. Finds a paid application and simulates the click action in the background;
3. Intercepts the received SMS messages and collects the verification code sent by M-Market. If a CAPTCHA image is invoked, it will post the image to a remote server for analyzing the verification code;
4. Posts the verification code to the M-Market website;
5. Downloads the application, and customers get charged.
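
An added example, not TrustGo's tooling or code from the original post: a static triage check a defender could run over a decoded, text-form AndroidManifest.xml to flag the capability combination that steps 1 and 3 depend on. Mapping those steps to the standard Android permissions WRITE_APN_SETTINGS and RECEIVE_SMS and to a prioritized SMS_RECEIVED receiver is an assumption, and the sample manifest is constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample manifest for illustration; not taken from a real sample.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WRITE_APN_SETTINGS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".SmsWatcher">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

def triage_manifest(xml_text):
    """Report which of the assumed step 1 / step 3 capabilities an app declares."""
    root = ET.fromstring(xml_text.strip())
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    result = {
        "writes_apn": "android.permission.WRITE_APN_SETTINGS" in perms,    # step 1
        "receives_sms": "android.permission.RECEIVE_SMS" in perms,         # step 3
        "priority_sms_receivers": [],
    }
    # A receiver with raised priority sees the SMS broadcast before the default app.
    for recv in root.iter("receiver"):
        for filt in recv.iter("intent-filter"):
            actions = {a.get(ANDROID + "name") for a in filt.iter("action")}
            if SMS_ACTION not in actions:
                continue
            try:
                prio = int(filt.get(ANDROID + "priority", "0"))
            except ValueError:
                prio = 0  # malformed priority: treat as default
            if prio > 0:
                result["priority_sms_receivers"].append((recv.get(ANDROID + "name"), prio))
    # Either permission alone is common in benign apps; only the pair is flagged.
    result["suspicious"] = result["writes_apn"] and result["receives_sms"]
    return result

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

A hit is a reason to inspect the app further, not a verdict: the check sees declared capabilities only, not behaviour.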

TrustGo recommends that mobile owners only download content from “trusted app stores” and ensure that their device has a mobile security app that can scan for malware in real time. “The ease and speed that malicious apps can be developed and distributed to unsuspecting users is one of the fastest growing security concerns,” said Xuyang Li, CEO of TrustGo.

Cross-posted from: Asia


