100,000 Chinese Android users owned by trojan

Powered by SC Magazine
 

Downloads movies, buys apps and captures CAPTCHA.

One hundred thousand Chinese Android users have been infected with a trojan that is circulating over at least nine app stores.

Researchers found the trojan was capable of downloading paid apps from China Mobile’s Android app store and place phone calls, leading to exorbitant bills.

The trojan was able to exploit the store’s payments workflow to buy apps without alerting users.

It first changed the victim’s Access Point Name to CMWAP to bypass the need to login to the store, which was prompted from other APNs. It then simulated the target clicking on a paid app.

A purchase verification token sent from China Mobile to the victim was intercepted and entered into a prompt within the store, confirming the payment.

TrustGo Security Labs, which discovered the malware, said it could also purchase videos.

Any CAPTCHA image challenges prompted during the attack were uploaded to a remote server for manual verification.

The trojan was identified hidden within packages:

  • com.mediawoz.goweather
  • com.mediawoz.gotq
  • com.mediawoz.gotq1
  • cn.itkt.travelskygo
  • cn.itkt.travelsky
  • com.funinhand.weibo
  • sina.mobile.tianqitong
  • com.estrongs.android.pop

TrustGo posted the malcode used to hijack the payments process.

Copyright © SC Magazine, Australia


100,000 Chinese Android users owned by trojan
 
 
 
Top Stories
Westpac interim CIO resigns
Group CIO yet to be appointed.
 
Five emerging technologies that will transform financial services
[Blog post] Far out ideas that aren't far off.
 
Earning the right to innovate
Breaking down the barriers to innovation is a long, but rewarding process, says Bank of Queensland Group CIO, Julie Bale.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  27%
 
Application integration concerns
  3%
 
Security and compliance concerns
  28%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  23%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  5%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 910

Vote