Costly Android Malware Infects 600,000 Users in China, Firm Says

Researchers from mobile security firm NQ Mobile have uncovered what they are calling “a nasty piece of malware” that has already infected more than 600,000 users in China.

Named “Bill Shocker” by the China-based mobile security firm, the malware is potentially one of the most costly viruses yet discovered, the company said.

“Bill Shocker is an SDK-type virus (Software Development Kit). Our experts, using NQ’s RiskRanker system, found the virus attached to several of the most popular mobile apps in China, including Tencent QQ Messenger and Sohu News,” the company explained.

The malware is propagating via third-party online app stores and retail installation channels, something the company says is allowing it to “spread like wildfire”.

The Bill Shocker malware downloads itself in the background on a user’s Android device without their knowledge and takes remote control of the device, including accessing contact lists, Internet connections, dialing and texting functions.

“Once it’s turned your phone into a ‘zombie,’ it sends text messages that create financial gains for advertisers. In many cases, the threat will overrun a user’s bundling quota, which subjects you to even more unwanted charges,” the company said.

While the malware may not steal data or cause other damage to the device, NQ Mobile still considers it a threat because it can rack up a user’s phone bill by sending costly messages.

NQ says it has notified Chinese mobile carriers of the threat and has provided its technology to China’s top mobile carriers, including China Mobile and China Unicom, as well as Baidu Mobile Services, to help reduce the spread of mobile malware.

This past summer, researchers from TrustGo discovered a mobile threat targeting Android phones that was said to have infected roughly 500,000 devices, mainly in China. Called “SMSZombie”, the malware was little threat to users outside of China, as the prime function of the mobile malware was to exploit a vulnerability in the mobile payment system used by China Mobile, making it of little value to the fraudsters outside of China.

SecurityWeek contacted Lookout, a mobile security firm based in San Francisco, to see if they had any information on the “Bill Shocker” threat. A Lookout spokesperson told SecurityWeek that it was hard to measure the threat’s significance without access to the sample. “As soon as NQ releases more details on the threat, we’ll be able to determine if this is in fact a new threat, and who it is affecting,” the spokesperson said.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
