Mobile malware has moved from the security vendor testing labs, out of the realms of marketing hype and FUD, and firmly onto your smartphone. The main target for the malware distributors would appear to be the Android platform, which is not surprising given the rapid growth in the userbase coupled to the 'open to all' nature of the Android app marketplace.
Up until now, the usual method of monetizing Android malware had been to subscribe to premium SMS text message services owned by affiliates of the cyber-criminals. Other than this, monetization of malware on the smartphone platform had been rather difficult. Data can be stolen, but has not proven to be deemed as particularly valuable in the dark markets where such information is traded. It should come as no surprise, as users and security vendors alike start to wise up to the SMS dialling scams, that the bad guys should look to come up with something new.
And something new is exactly what has emerged in the MMarketPay.A Trojan which is currently circulating throughout the Chinese online Android markets. According to G Data Security Labs experts who discovered the malware, it is concealed within fake versions of apps such as the E-Strong File Explorer, GO Weather and Travel Sky. It would seem, for now at least, that only users in China are actively at risk, but that could change soon enough as other groups jump on the new mobile malware monetization bandwagon.
So what does MMarketPay.A actually do to make money then? It rather cleverly accesses the China Mobile Android app store to download and install paid apps and more malware. I say cleverly, as the Trojan will change the Access Point Name (used for system updates) on the smartphone to connect to the China Mobile service provider where the confirmation message gets intercepted. This enables the malware to access the app store there without logging in, and purchase and automatically install whatever it wants all at the expense of the unwitting user.
In the meantime, our Chinese members are advised to check their phone bills very carefully for any unexpected payment activity.