Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Costly Android Malware Infects 600,000 Users in China, Firm Says

Researchers from mobile security firm NQ Mobile have uncovered what they are calling “a nasty piece of malware” that has already infected more than 600,000 users in China.

Named “Bill Shocker” by the China-based mobile security firm, the malware is potentially one of the most costly viruses yet discovered, the company said.

Researchers from mobile security firm NQ Mobile have uncovered what they are calling “a nasty piece of malware” that has already infected more than 600,000 users in China.

Named “Bill Shocker” by the China-based mobile security firm, the malware is potentially one of the most costly viruses yet discovered, the company said.

“Bill Shocker is an SDK-type virus (Software Development Kit). Our experts, using NQ’s RiskRanker system, found the virus attached to several of the most popular mobile apps in China, including Tencent QQ Messenger and Sohu News,” the company explained.

The malware is propagating via third-party online app stores and retail installation channels, something the company says is allowing it to “spread like wildfire”.

Android Malware In ChinaThe Bill Shocker malware downloads itself in the background on a users’ Android device without their knowledge and takes remote control of the device, including accessing contact lists, Internet connections, dialing and texting functions.

“Once it’s turned your phone into a “zombie,” it sends text messages that create financial gains for advertisers. In many cases, the threat will overrun a user’s bundling quota, which subjects you to even more unwanted charges,” the company said.

While the malware may not steal data or cause other damage to the device, NQ Mobile still considers it a threat due to the fact that it can rack up a users’ phone bill by sending costly messages.

NQ says it has notified Chinese mobile carriers of the threat, and has provided its technology to China’s top mobile carriers including, China Mobile and China Unicom as well as Baidu Mobile Services, to help reduce the spread of mobile malware.

This past summer, researchers from TrustGo discovered a mobile threat targeting Android phones that was said to have infected roughly 500,000 devices, mainly in China. Called “SMSZombie”, the malware was little threat to users outside of China, as the prime function of the mobile malware was to exploit a vulnerability in the mobile payment system used by China Mobile, making it of little value to the fraudsters outside of China.

Advertisement. Scroll to continue reading.

SecurityWeek contacted Lookout, a mobile security firm based in San Francisco, to see if they had any information on the “Bill Shocker” threat. A Lookout spokesperson told SecurityWeek that it was hard to measure the threat’s significance without access to the sample. “As soon as NQ releases more details on the threat, we’ll be able to determine if this is in fact a new threat, and who it is affecting,” the spokesperson said.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.