Insecurity experts have noticed a nasty Android virus which is sweeping across China and is believed to have dusted the banisters of many mobile users.
According to mobile security firm TrustGo, more than 500,000 devices, mainly in China, have been infected by “SMSZombie”.
What is bad is that the malware is hard to remove, but while Europe was laid low by the other infections to come out of China this one exploits a vulnerability in the mobile payment system used by China Mobile, making it of little value to the fraudsters outside of China.
TrustGo said that the malware is being spread through online forums and has been found in several packages on China’s largest mobile app marketplace, GFan.
SMSZombie has been embedded in several wallpaper apps, many of which flaunt provocative titles and nude photos to encourage users to download and install them.
If an Android user downloads the app and sets it as the device’s wallpaper, the app then asks the user to install additional files. “If the user agrees, the virus payload is delivered within a file called ‘Android System Service’.
The malware attempts to obtain administrator privileges on the device, a step that Yang says cannot be cancelled.
The malware generates unauthorized payments to premium service providers, and nicks bank card numbers and money transfer receipt details.
It deletes any payment confirmation SMS receipts in an effort to remain undetected.