
SMS Worm Hits Chinese Users Hard, Installs Android Backdoor

A large number of Android devices in China were infected with an SMS worm on August 2, the day the country celebrated Valentine's Day. The creator of this piece of malware has already been identified and detained, according to reports.

Kaspersky Lab said on Wednesday that the malware made its way onto roughly 500,000 devices in just six hours after being launched, but Chinese media reported that it infected a total of over 1 million smartphones. 

According to the security firm, the threat, detected as Trojan.AndroidOS.Xshqi.a, has two components: a spreading mechanism (XXshenqi.apk) and a backdoor (Trogoogle.apk). Once it infects a device, the malware sends SMSs containing a link to all the contacts in the victim's address book in an effort to trick them into installing the Trojan. Then, it attempts to get users to install Trogoogle.apk, detected by Kaspersky as Backdoor.AndroidOS.Trogle.a.

The backdoor has numerous functions. It asks users to register the app, a process during which it instructs them to hand over personal information, and it enables the attackers to send various commands to the infected device. Its operators can create and send text messages, and they can also monitor the victim's SMSs and forward them to their own servers.

"The fact that this Trojan combination appeared on the Chinese Valentine's Day is premeditated, taking advantage of user credulity on this special day. And it uses social engineering techniques to spread as much as possible and infect more devices. This Trojan is a good example of why it's always worth thinking twice about trusting a link received on your mobile phone," Kaspersky researcher Vigi Zhang wrote in a blog post.

According to Chinese media, authorities have already tracked down the individual responsible for creating the Trojan. His name is Li and he studies software engineering.

The 19-year-old college student admitted creating the malware, but claimed that he only did it for fun and to show off his skills. He didn't realize that it would spread so quickly, he told police. Li was detained in the city of Shenzhen while visiting his parents.

“I deeply regret what I have done to the phone users who were affected by the virus,” Li said, cited by the Shenzhen Daily.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.