100,000 Android Users Infected with Application-Buying Trojan
A new Android Trojan that buys applications on behalf of users has been discovered on the China Mobile Marketplace. Dubbed MMarketPay.A, the Trojan affects Chinese users subscribed to China Mobile, one of the world’s largest mobile phone carriers.
According to a report by mobile security company TrustGo, the Trojan is distributed through nine distinct app stores. Once it reaches the device, it starts buying applications from China Mobile’s marketplace. The marketplace does not require the user to log in; instead, it identifies each user by their connection through a China Mobile Access Point Name (APN). This allows China Mobile to add the price of every purchased application to the monthly phone bill.
If the user is not connected to the China Mobile APN, the Trojan tries to automatically connect to it and then starts a web browser in the background. It then navigates to the market and simulates clicks to buy specific applications. These actions are not visible to the user, so the scheme can go on for quite a while until the victim spots the abuse.
According to TrustGo, the infected applications have been downloaded more than 100,000 times. Because the Trojan targets China Mobile’s users, it hasn’t been seen outside China.