On July 4, TrustGo discovered new malware dubbed Trojan!MMarketPay.A@Android on China Mobile’s Mobile Market. As part of its payload, the malware automatically places orders on behalf of users and runs up their phone bills. It spread to 9 Chinese app markets (nDuoa, GFan, AppChina, LIQU, ANFONE, Soft.3g.cn, TalkPhone, 159.com and AZ4SD), infecting more than 100,000 devices.
Emil Protalinski of ZDNet states in a blog post that “It works by silently downloading paid apps and multimedia content from Mobile Market, an Android app store hosted by China Mobile, one of the largest wireless providers in the world.”
Normally China Mobile customers receive a verification code via SMS after purchasing an app from Mobile Market. Then the customer would go to Mobile Market to input their SMS code to begin the download (the order is then charged to their phone bill).
MMarketPay.A automates this process and downloads as much as it can so that victims rack up huge phone bills. It finds paid content, simulates a click action in the background, intercepts the received SMS messages, and collects the verification code sent by Mobile Market. If a CAPTCHA image is invoked, the malware posts the image to a remote server for analysis.
In short, MMarketPay.A is a complex little bugger. If you’re using an Android device on China Mobile, you may want to check your phone bill and make sure there’s nothing suspicious on it. (Emil Protalinski for Zero Day | ZDNet)
To steer clear of malicious apps like MMarketPay.A, do not install non-Market applications from “unknown sources”, and purchase apps from the official Google Play Store. You can block such installs on your Android device via Settings > Applications by unchecking “Unknown Sources.”
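A triage check a reviewer could run on the decoded manifest of a sideloaded APK to spot the SMS-interception capability described above. This is an added example, not code from TrustGo or ZDNet. The page does not list the permissions MMarketPay.A requests, so the sample manifests, package names and the priority threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

def sms_intercept_findings(manifest_xml, high_priority=1000):
    """List the reasons a decoded manifest suggests SMS interception."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    findings = []
    for receiver in root.iter("receiver"):
        for flt in receiver.findall("intent-filter"):
            actions = {a.get(ANDROID + "name") for a in flt.findall("action")}
            if SMS_RECEIVED not in actions:
                continue
            name = receiver.get(ANDROID + "name", "<unnamed>")
            findings.append(f"{name}: receives incoming SMS")
            prio = flt.get(ANDROID + "priority", "0")
            # Non-numeric values (resource references) are left for manual review.
            if prio.lstrip("-").isdigit() and int(prio) >= high_priority:
                findings.append(f"{name}: priority {prio}, sees SMS before the inbox app")
    if findings and "android.permission.RECEIVE_SMS" not in perms:
        return []  # the broadcast is not delivered without this permission
    if findings and "android.permission.INTERNET" in perms:
        findings.append("INTERNET permission: message contents can leave the device")
    return findings

# Constructed sample: a sideloaded "wallpaper" app (not a real package).
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.wallpaper">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".SmsHook">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, sms_intercept_findings(xml))
```

A non-empty result is a reason to inspect the app before installing it, not proof of malice: legitimate messaging and banking apps also receive SMS.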