“Fee-Deduction” Malware Targeting Android Devices Spotted in the Wild

NetQin Mobile today warned that it had discovered malware embedded in more than 20 Android applications circulating via various forums on the Internet which auto-dials phone numbers to incur high user fees. The infected mobile applications include QQ Doudizhu, Voice SMS, Drag Racing, Trader, Donkey Jump, Jungle Monkey and Gold Miner among others.


Dubbed BaseBridge, the malware can be embedded in legitimate applications, NetQin says. During the application’s installation, the malware prompts the user to upgrade. If the user chooses to upgrade, the malware is installed on the Android device under the name “com.android.battery”. Another prompt then asks the user to restart the app to run it, and the malware is formally activated upon restart.

Upon activation, the malware can start three malicious services (AdSmsService, BridgeProvider and PhoneService) to communicate with a control server, from which it downloads a configuration file, reads the related information, and dials calls or sends SMS messages, incurring fees for users. Meanwhile, the malware also blocks messages from the mobile carrier so that users do not receive fee consumption updates in time, and all malicious activity takes place without the user’s knowledge or consent. The malware may also insert messages into the inbox of a mobile device at a designated time.
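For defenders triaging APKs, the package name and service names reported above can be checked against a decoded AndroidManifest.xml. The following is an added example, not code from NetQin or SecurityWeek; the function name `triage_manifest`, the permission list and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
PACKAGE_IOC = "com.android.battery"  # install name reported in the article
SERVICE_IOCS = {"AdSmsService", "BridgeProvider", "PhoneService"}  # from the article
# Assumption: the article lists no permissions; these standard Android
# permissions correspond to the dialing, SMS sending and SMS blocking described.
BILLING_PERMS = ("android.permission.CALL_PHONE",
                 "android.permission.SEND_SMS",
                 "android.permission.RECEIVE_SMS")

def triage_manifest(manifest_xml):
    """Return (kind, value) findings for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml.strip())
    findings = []
    if root.get("package") == PACKAGE_IOC:
        findings.append(("package", PACKAGE_IOC))
    for svc in root.iter("service"):
        # Manifests may give ".Name", "Name" or a fully qualified class name.
        simple = svc.get(ANDROID + "name", "").rsplit(".", 1)[-1]
        if simple in SERVICE_IOCS:
            findings.append(("service", simple))
    requested = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    findings += [("permission", p) for p in BILLING_PERMS if p in requested]
    return findings

# Constructed sample manifests (not taken from a real sample).
SUSPECT = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.android.battery">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".AdSmsService"/>
    <service android:name=".BridgeProvider"/>
    <service android:name="com.android.battery.PhoneService"/>
  </application>
</manifest>
"""
BENIGN = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><service android:name=".MusicService"/></application>
</manifest>
"""

if __name__ == "__main__":
    for label, xml in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, triage_manifest(xml))
```

A permission finding on its own is weak evidence, since legitimate dialer and messaging apps request the same permissions; the package and service name matches are the indicators tied to this report.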

When unlocking the screen of an infected device on which 360 Safeguard is installed, the Malware would cause a false message to appear, stating that the 360 Safeguard is terminated due to an error/exception while the 360 Safeguard is actually running normally.

According to NetQin, “auto dialing” generally refers to malware on an infected mobile device dialing a number without the user’s knowledge. Malware often controls mobile devices, using them to dial a designated number that may incur high fees in the process. NetQin said this is the first time auto-dialing malware that causes fee deduction has been spotted on Android devices, although similar software has been discovered on Symbian devices.

This is another outbreak of Android malware after DroidDream, which forced Google to remove more than 50 rogue applications from its Android Market earlier this year and use a “remote kill” function to remove malware from users’ devices remotely.

Threats targeting the fast growing smartphone and tablet markets top the list of cyber concerns in 2011. A report released by Juniper Networks earlier this month showed a significant rise in threats to mobile devices, and highlighted a record number of mobile security threats, including a 400 percent increase in malware targeting the Android operating system.
