Ever wanted a few more apps on your Android phone, but can't decide what you'd like? Now you don't have to, thanks to a new malware which can buy apps for you. Convenience! The Play Store, despite its size, has always been fairly secure. With Android's open nature, there are more available app sites, and they might not be as secure.
MMarketPay, as this new species of malware has been named, does not need user permission to download applications. The malware was discovered by security company TrustGo, who found it lurking on several Chinese app stores. According to their estimates it could have been downloaded to as many as 100,000 phones by this point. This could be potentially disastrous for those who are unaware, since a massive phone bill could simply arrive in the future with no explanation. The malware downloads apps from China Mobile's own app store, so if you find a bundle of Chinese-language apps on your phone, you probably should be suspicious.
China Mobile is a state-owned mobile carrier and telecommunications company in the country, so it makes sense that the authors of the malware would target it. China Mobile is the world's largest telecommunications company, with about 655 million subscribers. Hardly surprising when they really do have the market cornered in the most populated country on earth. The fact that malware is able to exploit such a large company is not exactly encouraging; if one piece of malware can, what if others can do the same? According to the report, it is able to spoof verification to purchase the app.
It seems likely that China's app store operates differently to the official Google Play app hub, since the report mentions an SMS for verification and a CAPTCHA code being used. Clearly, the malware is quite an advanced strain if it is the only known one of its kind. Most malware tends to collect information from your phone. This could be personal information, like contact details, or general device information. Others might spam premium-rate numbers with messages, potentially costing you a fortune. MMarketPay doesn't. Hopefully the amount of costly malware existing for Android phones can be controlled, since it really could be damaging for the platform otherwise.
The obvious solution is to avoid downloading apps from Chinese app stores unless you know exactly what you're getting into. Plenty of legitimate, secure stores exist for the platform so it makes a lot more sense to stick to them.
Source: Net-Security
62 Comments - Add comment