The malware removes all sent and received text messages, and threatens to permanently cripple the handset unless users pay a fee.
Users are instructed to deposit a payment of around US$7 in an account through QQ, a Chinese instant messaging and virtual currency system.
Kiazha.A is being distributed as part of a larger malware payload known as SymbOS/Multidropper.cr.
Other elements in the package automatically set up a QQ account for the user, and forward all text messages to the malware author. Users are charged for all messages sent by the malware.
"The interesting thing about multi-droppers is that they are usually compiled by malware authors who are not programmers and simply collect the work of others," wrote McAfee Avert Labs engineer Jimmy Shah in a blog posting.
"With MultiDropper.CR it appears that the author, with a lot of effort and testing, put together various malware-like pieces from a toolkit."
Shah also noted that the malware is profit driven, a rarity in the mobile malware field where authors mostly create attacks to gain notoriety.
Kiazha.A is the second major mobile phone attack to hit China in recent days after a malware infection targeting Windows Mobile handsets was discovered last week.
WinCE/InfoJack also attempts to steal information, but contains a component which leaves handsets open to future attacks.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
.jpg&h=271&w=480&c=1&s=1)
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
