Security provider TrustGo has discovered a new malware strain targeting Android devices that is designed to make unauthorized purchases from infected units.
The malware has been detected as being spread by at least nine different Chinese-based third-party application markets and may have infected as many as one-hundred thousand users to date.
"On the 4th of July 2012, we uncovered a new malware that can download paid apps and contents from China Mobile’s Mobile Market. It placed orders automatically on behalf of users and could cause unexpected high phone bills. TrustGo Security Labs named it as: Trojan!MMarketPay.A@Android," TrustGo reports.
To complete the unauthorized purchases of paid content, the malware intercepts China Mobile’s SMS verification messages.
According to the TrustGo report, the malware scam operates in the following manner:
- Customers login at M-Market website (http://mm.10086.cn/). No login required if customer use If you are using CMWAP as Access Point.
- M-Market will send a verification code to you via SMS if customer purchased paid apps or contents.
- Customers receive the verification code and input it to M-Market for verification.
- Once the verification completed, the market will download apps automatically. China Mobile will add this order in customers’ phone bill.
- MMarketPay.A can place orders via M-Market payment system automatically.
The malware is able to defeat the security protocols by analyzing an image of the CAPTCHA mechanism, the researchers stated.
China Mobile is one of the largest wireless service providers in the world, and the company's Mobile Market serves up thousands of free and paid applications as well as a variety of multimedia content.
"In summary, this sophisticated new malware could cause unexpected high phone bills. TrustGo recommends customers only download apps from trusted app stores and download a mobile security app which can scan malware in real-time," TrustGo recommended.