Security Experts:

Costly Android Malware Infects 600,000 Users in China, Firm Says

Researchers from mobile security firm NQ Mobile have uncovered what they are calling “a nasty piece of malware” that has already infected more than 600,000 users in China.

Named “Bill Shocker” by the China-based mobile security firm, the malware is potentially one of the most costly viruses yet discovered, the company said.

“Bill Shocker is an SDK-type virus (Software Development Kit). Our experts, using NQ’s RiskRanker system, found the virus attached to several of the most popular mobile apps in China, including Tencent QQ Messenger and Sohu News,” the company explained.

The malware is propagating via third-party online app stores and retail installation channels, something the company says is allowing it to “spread like wildfire”.

Android Malware In ChinaThe Bill Shocker malware downloads itself in the background on a users’ Android device without their knowledge and takes remote control of the device, including accessing contact lists, Internet connections, dialing and texting functions.

“Once it’s turned your phone into a “zombie,” it sends text messages that create financial gains for advertisers. In many cases, the threat will overrun a user’s bundling quota, which subjects you to even more unwanted charges,” the company said.

While the malware may not steal data or cause other damage to the device, NQ Mobile still considers it a threat due to the fact that it can rack up a users’ phone bill by sending costly messages.

NQ says it has notified Chinese mobile carriers of the threat, and has provided its technology to China’s top mobile carriers including, China Mobile and China Unicom as well as Baidu Mobile Services, to help reduce the spread of mobile malware.

This past summer, researchers from TrustGo discovered a mobile threat targeting Android phones that was said to have infected roughly 500,000 devices, mainly in China. Called “SMSZombie”, the malware was little threat to users outside of China, as the prime function of the mobile malware was to exploit a vulnerability in the mobile payment system used by China Mobile, making it of little value to the fraudsters outside of China.

SecurityWeek contacted Lookout, a mobile security firm based in San Francisco, to see if they had any information on the "Bill Shocker" threat. A Lookout spokesperson told SecurityWeek that it was hard to measure the threat’s significance without access to the sample. “As soon as NQ releases more details on the threat, we'll be able to determine if this is in fact a new threat, and who it is affecting,” the spokesperson said.

view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.