Experts at G Data Security Labs have discovered a new type of Android malware that downloads paid apps without the knowledge of the smartphone or tablet user. The malware is hidden in fake GO Weather, Travel Sky or E-Strong File Explorer apps and is being distributed through various Chinese websites and third-party provider app marketplaces.
At the moment, the perpetrators are targeting customers of the world’s largest mobile provider, China Mobile.
The Trojan gains access to the mobile provider’s app store and can then download and install additional malware or paid apps. G Data Security Labs believes it might spread to the rest of the world.
Online criminals have been using the Android malware MMarketPay as a new way of making money from e-crime.
Previously, malware writers focussed on the theft of personal data, spy attacks and sending premium-rate SMSes. Now they have managed to gain access to a mobile provider’s app store for the first time.
To do this, the malware changes the mobile device’s access point name (APN) and connects to China Mobile. Access points on tablets and smartphones are usually used by mobile providers to provide system up-dates, for example. Here, the Trojan intercepts the confirmation message and provides a response via a special server.
The malware can thus access China Mobile’s app store without logging in, then purchase and install any apps at the victim’s expense at any time.
Security tips for Android users:
* Use an effective, comprehensive security solution that thoroughly protects the mobile device.
* Always install updates to keep your operating system and the programs and applications you use fully up-to-date. This closes security loopholes that cyber criminals could otherwise exploit for attacks.
* Only get your apps from trustworthy sources, e.g. from Google Play for Android devices and from provider websites. When you choose applications, pay attention to how often they have been downloaded. The more times an application has been downloaded, the more trustworthy it is. You should also check what authorisations these apps have. Be careful with applications that can, for example, initiate calls or send text messages. In general, you should only install apps that you really need.
* Ignore messages of unknown origin on your smartphone or tablet. Users who like to play it safe can usually check online whether these messages are correct, or call their provider’s customer service.
* Check your phone bill. If it includes charges for services that you have not used, you might be a victim of fraud.