Sophos: mobile malware scandal 'damages' industry

Sophos fears for the reputation of the security industry after a malware scandal hit a pair of Chinese mobile firms.

NetQin was accused in an investigative report on Chinese state television of working with a company called Feiliu to install malware on phones in a bid to sell security software.

It was transcribed by Chinese staff at Sophos, which said the show exposed a cosy relationship between the two companies, and that NetQin was charging users to remove the “dodgy” Feiliu software after flagging it as malware.

"On further investigation, it seems NetQin and Feiliu have a close relationship which could threaten to damage the reputation of both companies and the security sector as a whole," said Mark Harris, a vice president at SophosLabs.

"We learnt from the video and transcript that staff from Feiliu admitted that co-founders for NetQin and Feiliu worked on their PhDs together and NetQin had an investment of 495,000 yuan ($A73,655) in Feiliu, making NetQin the second-largest shareholder," he said.

“All this certainly seems to suggest that the two companies are plotting together rather strategically, at the cost of the mobile phone users affected. What's more, their actions threaten to cast aspersions on the security industry as a whole."

Details of the security threats posed were posted in Sophos’s Naked Security blog, which said the program also tried to remove rival anti-virus software.

If the allegations were true, the tactic would be a mobile version of an old scam in which virus writers infect a machine and then charge to remove the malware.

Feiliu and NetQin, which is hoping to float in the US later this year, denied any wrongdoing and accused their competitors of spreading slander in the report.

This article originally appeared at pcpro.co.uk