Since last weekend, Android smartphone users have been worried about their phone bills: NetQin has found malware (“Malware” or “the Malware”) lurking within more than 20 Android applications circulating via various internet forums. The Malware auto-dials phone numbers to incur high user fees. So far, more than ten of its variants are captured every day, all bearing almost the same characteristics; more details are available at http://virus.netqin.com/en/android/list/1/. The infected mobile applications include QQ Doudizhu, Voice SMS, Drag Racing, Trader, Donkey Jump, Jungle Monkey and Gold Miner, among others.
Named BaseBridge, the Malware can be embedded in legitimate applications. When such an application is installed, the Malware prompts the user to upgrade. If the user chooses to upgrade, the Malware is installed on the device under the software name “com.android.battery”. Another prompt then asks the user to restart the app to run it, and the Malware is activated upon restarting.
Upon activation, the Malware starts three malicious services (AdSmsService, BridgeProvider and PhoneService) to communicate with a control server. From that server it downloads a configuration list, reads the related information, and dials calls or sends SMS messages accordingly, incurring fees for the user. Meanwhile, the Malware also blocks messages from the mobile carrier so that users do not receive fee consumption updates in time, and all malicious activities are carried out stealthily without the user’s knowledge or consent. The Malware may also insert messages into the inbox of a mobile device at a designated time.
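The indicators described above can be checked against an app's manifest. The following triage script is an added example, not NetQin's detection logic: it assumes the AndroidManifest.xml has already been decoded to text, the sample manifests are constructed, and the permission list is an assumption that maps the described behaviours to standard Android permissions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Indicators named in the article.
DROPPED_PACKAGE = "com.android.battery"
SERVICE_NAMES = {"AdSmsService", "BridgeProvider", "PhoneService"}
# Assumption: standard Android permissions matching the described behaviour.
CAPABILITY_PERMS = {
    "android.permission.CALL_PHONE": "dial calls",
    "android.permission.SEND_SMS": "send SMS",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
    "android.permission.WRITE_SMS": "insert messages into the inbox",
}

def triage_manifest(manifest_xml):
    """Return a list of BaseBridge-related findings for one decoded manifest."""
    root = ET.fromstring(manifest_xml)
    findings = []
    if root.get("package", "") == DROPPED_PACKAGE:
        findings.append("package name matches " + DROPPED_PACKAGE)
    app = root.find("application")
    for comp in ([] if app is None else app):
        # Component names may be relative (".PhoneService") or fully qualified.
        short = comp.get(ANDROID_NS + "name", "").rsplit(".", 1)[-1]
        if short in SERVICE_NAMES:
            findings.append(f"component {short} declared as <{comp.tag}>")
    for perm in root.iter("uses-permission"):
        pname = perm.get(ANDROID_NS + "name", "")
        if pname in CAPABILITY_PERMS:
            findings.append(f"permission {pname} ({CAPABILITY_PERMS[pname]})")
    return findings

# Constructed sample manifests, not taken from a real APK.
SAMPLE_INFECTED = """<manifest package="com.android.battery"
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".AdSmsService"/>
    <service android:name=".BridgeProvider"/>
    <service android:name="com.android.battery.PhoneService"/>
  </application>
</manifest>"""
SAMPLE_CLEAN = """<manifest package="com.example.game"
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><service android:name=".MusicService"/></application>
</manifest>"""

if __name__ == "__main__":
    print("\n".join(triage_manifest(SAMPLE_INFECTED)))
```

A permission match on its own is weak evidence, since many legitimate apps dial or send SMS; the package and service names are the stronger signals.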
“Auto dialing” generally refers to malware that has intruded into and taken over a mobile device dialing a number without the user’s knowledge. Such malware often controls mobile devices, using them to dial a designated number, which may incur high fees in the process. This is the first time auto-dialing malware that causes fee deduction has been spotted on Android devices, although similar software was once found on Symbian devices. It is a sign that mobile threats on Android are becoming more diversified.
This is another large-scale outbreak of Android malware after DroidDream, which forced Google to remove more than 50 rogue applications from its Android Market earlier this year, and it once again sounds the alarm for mobile users that mobile threats cannot be ignored. Although the malware has so far not been distributed through legitimate application stores such as Android Market, there are steps we should take to prevent it from spreading. On NetQin’s side, we have updated our virus database to include the definitions of the virus so that we can provide users with the most comprehensive identifying capacity. On the user’s side, you should always stay alert when using a smartphone. Here are some tips to follow:
1. Download applications from trusted sources, reputable application stores and markets, and be sure to check reviews, ratings and developer information before downloading. Scan the downloaded application with authoritative security software to avoid malware in disguise.
2. Do not blindly accept requests from software, such as prompts to upgrade or update, as they may be initiated by viruses or malware.
3. Be alert and look out for unusual behavior on your mobile phone, such as stealthy SMS messages or extra charges on the phone bill, as this may be a sign of infection.
4. Keep security software on the phone up to date and perform a full scan regularly to prevent any potential threats. NetQin Mobile Anti-virus is protecting millions of users across the globe with its “Cloud+Client” scan engine. Download is available at http://www.netqin.com/en/antivirus/download/ and on Android Market.