SMSZombie trojan for Android has already infected 500,000 users
With its multitude of Android users and their preference for third-party online app markets, China is the perfect breeding ground for Android trojans.
Chinese mobile security company TrustGo Security has recently discovered Android malware that targets users in China exclusively: it exploits a vulnerability in the China Mobile SMS Payment process to generate unauthorized payments and to steal credit card numbers and cash transfer receipt information.
Known as SMSZombie, the malware is distributed through genuine background applications with provocative titles and images. The primary applications are not malicious themselves, which is probably why they have not yet been removed from GFan, China’s biggest mobile app marketplace, but the harmful code is downloaded and included by them afterwards.
“Once installed, the virus then tries to obtain administrator privileges on the user’s device. This step cannot be canceled by the user, as the ‘Cancel’ button only reloads the dialog box until the user eventually is forced to select ‘Activate’ to stop the dialog box,” TrustGo says.
Once the trojan has these privileges, it uses them to prevent users from deleting the malicious app.
“Using a configuration file that can be updated by the malware maker at any time, the malware can intercept and forward a variety of SMS messages. Because these messages often include banking and financial information, users’ accounts can easily be hacked further,” the researchers point out.
GFan has still not removed the hacked applications from its website and, so far, the devices of almost 500,000 Chinese Android users are considered to be infected with SMSZombie.