China reproduces more than 500,000 handsets infected by mass Android phone virus

With the GooglePlay restrictions, with the rapid growth of Android devices in the Chinese market, China's unique App Store ecosystem has spawned hundreds of of independent Android app stores. However, numerous third party markets have also led to the breeding of viruses, make Android the Open-source system more vulnerable, according to TNW reported recently in China's Android Market has found a new virus, the virus can be used for mobile phone to pay unauthorized, the alleged infected users have been more than 500,000, you do?

As early as six weeks ago, the Mmarketplay App Store found a bill to invade the virus, and recently anti-virus expert Trustgo discovered a more complicated new Android virus that can be used to pay for mobile phones on users ' Android phones, read user bank cards, Credit card and billing history information.

The virus is named "trojan! Smszombie "(Troy!) SMS Zombie "), first discovered by Trustgo Antivirus company on July 25. Trustgo is said to be the only company currently able to identify such viruses and provide a virus removal program.

According to TNW, a number of mainstream app stores in China have been hit by the virus, so far more than 500,000 of the user's equipment has been infected. Although the 500,000 is only drop compared to 683 million of China's mobile phone users, the virus can be privately made unauthorized payment transactions, it may cause huge economic losses to users, so the potential threat of the virus is very large.

Moreover, in order to avoid the user suspicion, the hacker who made the virus took a more cautious approach, the virus every time the payment is small, basically rarely produce high bills, so that infected users will not easily find. So far, Trustgo says, the virus has only been getting "relatively low" amounts from infected user accounts by paying back online games and other services, but it adds up to 500,000 lower sums, which are probably a large sum.

"The virus is usually hidden in wallpaper applications and popular downloads, and then invades the user's SMS capabilities, using a loophole in China Mobile (which seems to be all right for Unicom and telecom users)--a SMS payment gateway for trading and accessing data," Trustgo on its official blog. This is done in the background without user authorization.

"" trojan! Smszombie "(Troy!) SMS Zombie "virus is often hidden in various wallpaper applications, with attractive headlines and images to entice users to download the installation. When the user uses the infected application as a mobile wallpaper, the application asks the user to install other virus-related files. If the user agrees and enters the next step, the virus will transfer the transaction data through a file called the Android system service.

Once the user installs this type of infected application, the virus attempts to continuously obtain administrator privileges on the user's device, and the operation user cannot be canceled because pressing the Cancel button will only reload the confirmation dialog box, and the user eventually has to press "activate" to stop the dialog, and then it is forced to activate the virus. And when the virus gets administrator rights, the user cannot uninstall the infected application, the user clicks "Uninstall", the mobile phone will automatically jump back to the main screen. ”

As many mobile phone users in China use mobile phone messages to pay for their mobile phone, and many banks will send billing information to the user's mobile phone, so when the user's phone is infected with the virus, the bank card and account information can easily be intercepted by the virus and make small payments.

Trustgo says users who are infected with the virus or who are suspected to be infected with the virus can download TRUSTGO mobile security applications or refer directly to the TRUSTGO website (trustgo.com/en/smszombie-eliminate) method to clear the virus.

Trustgo is currently working to upgrade its mobile security applications to enable automatic removal of the virus, which is expected to be implemented by the end of this month.

"This virus will automatically replicate and transmit malicious code, so it is difficult to detect." The emergence of such a complex new virus highlights the drawbacks of Android as an open platform, and sometimes open source is a double-edged sword. Mobile phone users in contact with many applications at the same time, but also be careful to prevent the virus infection, perhaps you are the next target hacker!