New Android malware goes on a shopping spree

MMarketPay.A automatically orders paid apps

The experts at G Data SecurityLabs have discovered a new Android malware threat that downloads chargeable apps unnoticed by smartphone or tablet owners. The malware is found in fake GO Weather, Travel Sky or E-Strong File Explorer apps and is distributed via various Chinese websites and third-party app marketplaces. The perpetrators are currently targeting the customers of the world's largest mobile operator China Mobile. The Trojan gains access to the mobile operator's app store and can thus download and install additional malware or paid apps. According to G Data SecurityLabs, a spread in Europe cannot be ruled out.

Android pest

Pest targets smartphones Source: pressetext.com

With the Android malware MMarketPay.A, online criminals have opened up another branch of e-crime for themselves. While the malicious code writers had previously targeted the theft of personal data, espionage attacks or the sending of chargeable premium SMS, they have now succeeded for the first time in gaining access to the app market of a mobile communications provider. To do this, the malware changes the so-called APN connection point of the mobile device and connects to China Mobile. APN points on tablets and smartphones are usually used by the mobile phone providers to provide system updates, for example. The Trojan also intercepts the confirmation message and provides a response via a special server.

The malware is thus able to access the China Mobile app store at any time without logging in and to purchase and install any apps at the cost of the victim.

"We are observing the development of a new and lucrative business model for cyber criminals. With MMarketPay.A, a new dimension of malicious apps has emerged that aim to steal money," explains Ralf Benzmüller, head of G Data SecurityLabs. "Therefore, from our point of view, it is also easy to imagine that a modified variant of this malicious app will also appear in Europe and target customers of European mobile communications providers."

Screenshot (picture material): This fake GO Weather app was infected by the perpetrators with MMarketPay.A and goes on a shopping spree without the user noticing.

Security tips for Android users:

- Use an effective and comprehensive security solution that fully secures the mobile device.

- Always keep your operating system, the programs and applications used up-to-date with updates. This closes security gaps that cyber criminals could otherwise exploit for attacks.

- Obtain apps only from trustworthy sources, e.g. from Google Play on Android devices and from manufacturers' websites. When selecting the applications, note how often they have already been downloaded - the higher the number, the more trustworthy the application. You should also check which permissions the apps have. Be careful with applications that can initiate calls or send SMS messages, for example. In general, you should only install apps that really need each other.

- Ignore messages on your smartphone or tablet whose origin you cannot understand. Users who want to be on the safe side can check their accuracy online or contact the customer service of their provider.

- Check your telephone bill, if services were billed there that you did not use, you could have been a victim of fraudsters.

Further information is available in the G Data SecurityBlog: http://blog.gdatasoftware.com/blog/article/new-android-malware-goes-on-a-shopping-spree-at-your-expense.html .

G Data Software AG
G Data Software AG, headquartered in Bochum, is an innovative and rapidly expanding software house with a focus on IT security solutions. As a specialist in Internet security and a pioneer in the field of virus protection, the company, which was founded in Bochum in 1985, developed the first antivirus program more than 20 years ago.

This makes G Data one of the oldest security software companies in the world. The product portfolio includes security solutions for end customers, medium-sized businesses and large companies. G Data security solutions are available in more than 90 countries around the world.

You can find more information about the company and G Data security solutions at http://www.gdata.de .

(ck)

.

paste