500,000 Android users in China infected with SMSZombie

The amount of malware crafted and aimed at Android devices is ever-increasing. With Android being the most popular platform for smartphones and tablets around the world, Android users have become the low-hanging fruit when it comes to writing malware by the nefarious users. A new Android threat has affected 500,000 devices in China so far.

The thread is called SMSZombie and is said to be difficult to remove. The good news for Android users outside China is that people who don't live in that country have little to worry about from the zombie scourge. The vector of attack for the malware is to exploit a vulnerability in the mobile payment system used by China Mobile.

Security company TrustGo says that the SMSZombie malware is spreading within China through forums and has been discovered inside several packages on GFan, which is China's largest mobile app marketplace. TrustGo contacted GFan to inform them of the infected payloads, but apps with SMSZombie are still available for download and are still being downloaded.

SMSZombieA was first discovered on August 8, and the malware is embedded in several wallpaper apps. The wallpaper apps are noted to use provocative titles and nude images to encourage users to download. For instance, one infected app is called "Android Animated Screensaver: Animated Album I Found When I Fixed My Female Coworker's Computer." Once set as the wallpaper app the malware prompt the user to install additional files and if the user agrees to install the files, the payload delivered is called Android System Service.

After that, the malware can obtain administrator privileges on the device and then generates unauthorized payments to premium service providers and may steal bank card numbers and money transfer receipt details. It also deletes any SMS receipts to help hide its tracks.

[via SecurityWeek]