Android malware "SMSZombie" to withdraw bank account number infect over 500,000 units in China

In China we exploited the vulnerability of mobile payment systemMalware"SMSZombie"Is pretentious. Infected applications are found among applications registered in the market, and the number of already infected terminals exceeds 500,000.

Resilient 'SMSZombie' Infects 500,000 Android Users in China | SecurityWeek.Com


New Virus SMSZombie.A Discovered by TrustGo Security Labs


"SMSZombie" It is malware that is spreading fiercely in China at this moment. China's largest mobile operatorChina Mobile (China Mobile)It is a vulnerability of online payment system of the security companyTrustGoAccording to SMSZombie spread through the online forum, and China's largest mobile application market "GFanHowever, it has been detected from several applications. It seems that TrustGo informed GFan to that effect, but so far the infected application has not been deleted.

This malware named TrustGo "SMSZombie.A" was discovered by Jerry Yang, vice president of technology in July. I am infected with several wallpaper applications, and the application draws interest and gives sensational names, such as "I gathered pictures I found when repairing a fellow woman's computer" or displaying nude pictures I will. Attempting to use this application prompts download of additional files, and when it is OK, the virus itself will be downloaded under the name "Android System Service". "Android System Service" comes up with a dialog requesting administrator privileges, but even if you press "Cancel" button in this dialog, the same dialog opens repeatedly, so the user can not cancel it any longer "Activate You just have to press.

SMSZombie strikes the vulnerability of the settlement system, without payment for premium services that do not allow it without permission, steals account number and payment details. Malware said that the infected terminal could be operated remotely and sent SMS commands from any phone number to the terminal. It seems that one of the telephone numbers was from Anhui province.

At the moment, this malware is circulating only in China, and it seems that there are very few cases of damage outside the country.