A new malware for smartphones and devices running Google’s Android operating system is targeting subscribers of China Mobile by subscribing their devices to premium services.
Computer security firm Trend Micro said the new malware, which it detects as ANDROIDOS_AUTOSUBSMS.A, also checks for keywords in text messages.
“Detected as ANDROIDOS_AUTOSUBSMS.A, this sample has been found in a Trojanized version of certain applications, and is still currently available for download in certain Chinese third-party app stores,” it said in a blog post.
“Android users, especially China Mobile subscribers, are strongly advised to be very cautious in installing apps to their device,” it added.
It said the malware installs the receiver “util.Smsreceiver,” which executes every time an infected device receives a message.
Also, the malware asks for certain permissions that require the receiver to work. Such permissions are not included in the original version of the application.
But unlike the Trojanized Coin Pirates app, Trend Micro said the monitoring for keywords is not for spying on the user, but for subscribing the device to premium services.
The malware monitors for received text messages bearing Chinese keywords translated as “reply random content” and “supermarket.”
Once it detects such keywords, the malware will reply to the same message with one that has “Y” as its content.
“We suspect that what this malicious app does is wait for messages from providers that promote certain services, and the sending of the response is done to subscribe the user to the said premium service,” Trend Micro said.
The malware will also prevent the user from seeing the confirmation message by monitoring for another set of keywords translated as “love laila,” “love to the,” and “supermarket.”
The malware will delete any text message coming from a phone number starting with “10658? and “10086? containing such keywords.
Trend Micro speculated the number “10658? may be a premium number. It noted “10086? is the service number for China Mobile. — TJD, GMA News
Article source: http://ph.news.yahoo.com/android-malware-targets-china-mobile-subscribers-082008286.html
View full post on National Cyber Security » Virus/Malware/Worms