TrustGo Security Labs researchers recently came across a new form of Android malware called Trojan!MMarketPay.A@Android, which automatically downloads paid apps from China Mobile's Mobile Market app store.
The company says more than 100,000 Android devices have already been infected by MMarketPay.A.
"China Mobile is one of the largest mobile phone carriers worldwide, with approximately 677 million subscribers," The H Security reports. "Customers on the China Mobile network can visit the market's web site and are able to purchase applications and content without having to log in. The phone is then authenticated based on the fact that it uses a China Mobile Access Point Name (APN). When users purchase an application, they receive a text message with a verification code that will then have to be entered on the web site to finalise the purchase."
"MMarketPay.A automates this process and downloads as much as it can so that victims rack up huge phone bills," writes ZDNet's Emil Protalinski. "It finds paid content, simulates a click action in the background, intercepts the received SMS messages, and collects the verification code sent by Mobile Market. If a CAPTCHA image is invoked, the malware posts the image to a remote server for analysis. In short, MMarketPay.A is a complex little bugger."
"For now, TrustGo concludes that 'this sophisticated new malware could cause unexpected high phone bills,'" Infosecurity reports. "However, given the large number of apps that are installed and their relatively low cost, it is perfectly possible that many users will notice neither the app nor the addition to the phone bill -- and will remain unaware that they have been infected. The same methodology could also be used to download and install 'free' spyware or spyware-infected apps that might have been planted in the Market."