We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,678 News Articles

Android 'SMSZombie' Trojan infects 500,000 Chinese users

Difficult to de-install

Reports have emerged from China of an ingenious new backdoor Android malware attack that has infected hundreds of thousands of subscribers and can prove difficult to de-install without technical support.

Dubbed Trojan!SMSZombie.A - 'SMSZombie' for short - by one of the companies reporting on it, the malware is said to have spread through the largest Chinese Android marketplace, GFan, piggybacking itself as a back door on the back of porn-themed wallpaper apps.

The innovation is the use of a backdoor to install itself before the payload is downloaded. This makes detection harder, said the company that detected it, TrustGo.

The malware becomes active once it has been selected as the smartphone's wallpaper, after which it asks to download additional files in the form of what claims to be an 'Android system service.'

It then asks for administrator privileges (pressing the cancel button for this request simply throws up a dialog box each time), after which the user cannot disable the app using Android's 'uninstall app' function.

Beyond the fact that the criminals have control of the device and can intercept messages, the purpose is to defraud the user of money via payments exploiting an unspecified flaw in the China Mobile SMS Payment System.

Noticed as long ago as 25 July, TrustGo said that it believed the malware had infected more than 500,000 smartphones.

"It has been confirmed that this virus has been used to recharge online gaming accounts via the China Mobile SMS Payment system. Commonly, the victim's account is charged a relatively low amount to escape detection," said TrustGo.

SMSZombie is unlikely to affect subscribers in countries such as the US and UK, but its design indicates that attackers are thinking of ways to beat new layers of security added to protect Android systems.

All the same, SMS frauds via premium rate services are far from unknown, although such events have yet to sink receive wider publicity In May, a fake Angry Birds app was discovered that had infected 1,400 UK phone users, defrauding them of around £28,000 ($44,000).

In July, Trusteer reported on an Android Trojan being distributed to beat the SMS authentication systems used by European and US banks.

SMSZombie can be de-installed manually by following the instructions posted by TrustGo.


IDG UK Sites

LG G Watch review: Android Wear smartwatch is the best around, so far

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

See Glasgow 2014 in UHD as history is made