Industry News

100,000 Android Users Infected with Application-Buying Trojan

A new Android Trojan that buys applications on behalf of users has been discovered on the China Mobile Martketplace. Dubbed MMarketPay.A, the Trojan affects Chinese users subscribed to China Mobile, one of the world’s largest mobile phone carriers.

According to a report by mobile security company TrustGo, the Trojan is delivered on nine distinct app stores. When it reaches the mobile, it starts buying applications from China Mobile’s marketplace, which does not require the user to log in but rather identifies each user as it uses a China Mobile Access Point Name (APN). This allows China Mobile to add the price of every purchased application to the monthly phone bill.

If the user is not connected to the China Mobile APN, the Trojan tries to automatically connect to it and then starts a web browser in the background. It then navigates to the market and simulates clicks to buy specific applications. These actions are not visible to the user, so the scheme can go on for quite a while until the victim spots the abuse.

According to TrustGo, the infected applications have been downloaded more than 100,000 times, but given the fact that it targets China Mobile’s users, it hasn’t been seen outside China.

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.

3 Comments

Click here to post a comment