One hundred thousand Chinese Android users have been infected with a trojan that is circulating over at least nine app stores.
Researchers found the trojan was capable of downloading paid apps from China Mobile’s Android app store and place phone calls, leading to exorbitant bills.
The trojan was able to exploit the store’s payments workflow to buy apps without alerting users.
It first changed the victim’s Access Point Name to CMWAP to bypass the need to login to the store, which was prompted from other APNs. It then simulated the target clicking on a paid app.
A purchase verification token sent from China Mobile to the victim was intercepted and entered into a prompt within the store, confirming the payment.
TrustGo Security Labs, which discovered the malware, said it could also purchase videos.
Any CAPTCHA image challenges prompted during the attack were uploaded to a remote server for manual verification.
The trojan was identified hidden within packages:
TrustGo posted the malcode used to hijack the payments process.
Copyright © SC Magazine, Australia
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.