Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Costly Android Malware Infects 600,000 Users in China, Firm Says

Researchers from mobile security firm NQ Mobile have uncovered what they are calling “a nasty piece of malware” that has already infected more than 600,000 users in China.

Named “Bill Shocker” by the China-based mobile security firm, the malware is potentially one of the most costly viruses yet discovered, the company said.

Researchers from mobile security firm NQ Mobile have uncovered what they are calling “a nasty piece of malware” that has already infected more than 600,000 users in China.

Named “Bill Shocker” by the China-based mobile security firm, the malware is potentially one of the most costly viruses yet discovered, the company said.

“Bill Shocker is an SDK-type virus (Software Development Kit). Our experts, using NQ’s RiskRanker system, found the virus attached to several of the most popular mobile apps in China, including Tencent QQ Messenger and Sohu News,” the company explained.

The malware is propagating via third-party online app stores and retail installation channels, something the company says is allowing it to “spread like wildfire”.

Android Malware In ChinaThe Bill Shocker malware downloads itself in the background on a users’ Android device without their knowledge and takes remote control of the device, including accessing contact lists, Internet connections, dialing and texting functions.

“Once it’s turned your phone into a “zombie,” it sends text messages that create financial gains for advertisers. In many cases, the threat will overrun a user’s bundling quota, which subjects you to even more unwanted charges,” the company said.

While the malware may not steal data or cause other damage to the device, NQ Mobile still considers it a threat due to the fact that it can rack up a users’ phone bill by sending costly messages.

NQ says it has notified Chinese mobile carriers of the threat, and has provided its technology to China’s top mobile carriers including, China Mobile and China Unicom as well as Baidu Mobile Services, to help reduce the spread of mobile malware.

This past summer, researchers from TrustGo discovered a mobile threat targeting Android phones that was said to have infected roughly 500,000 devices, mainly in China. Called “SMSZombie”, the malware was little threat to users outside of China, as the prime function of the mobile malware was to exploit a vulnerability in the mobile payment system used by China Mobile, making it of little value to the fraudsters outside of China.

SecurityWeek contacted Lookout, a mobile security firm based in San Francisco, to see if they had any information on the “Bill Shocker” threat. A Lookout spokesperson told SecurityWeek that it was hard to measure the threat’s significance without access to the sample. “As soon as NQ releases more details on the threat, we’ll be able to determine if this is in fact a new threat, and who it is affecting,” the spokesperson said.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

Chinese tech giant Huawei patched nearly 300 vulnerabilities in its HarmonyOS operating system in 2022.