Slashdot Mirror

← Back to Stories (view on slashdot.org)

"SMSZombie" Malware Infects 500,000 Android Users In China

Posted by samzenpus on from the new-threat-on-the-block dept.

wiredmikey writes "Researchers have recently discovered a new sophisticated and resilient mobile threat targeting Android phones that is said to have infected about 500,000 devices, mainly in China. Called 'SMSZombie,' the malware is stubborn and hard to remove, but users outside of China have little to worry about with this latest discovery. The prime function of the mobile malware is to exploit a vulnerability in the mobile payment system used by China Mobile, making it of little value to the fraudsters outside of China. The malware takes advantage of a vulnerability in the China Mobile SMS Payment process to generate unauthorized payments to premium service providers, and can also remotely control the infected device. It has been spread via wallpaper apps that sport provocative titles and nude photos, and can only be removed using a lengthy process beyond the skills of a typical android user."

9 of 116 comments (clear)

  1. Re:"Lengthy Process" by Thantik · · Score: 4, Insightful

    In addition to removing it from device administrators. Which is like 2 actual steps. It's very tame compared to what it _could_ take.

  2. So... by jamstar7 · · Score: 3, Funny

    THIS is the dreaded Zombie Apocalypse we're constantly warned about??

    --
    Understanding the scope of the problem is the first step on the path to true panic.
  3. Re:Obvious scam by mlts · · Score: 5, Interesting

    You would be surprised how easy it would be to get stung by this by an average user [1].

    A couple months ago, I was browsing for a couple games. Looked at the game, and it demanded every right under the sun. Of course, it didn't get the second install click.

    However, it was a game with an icon that was the logo for a popular game show, so it looked "legit" enough to a user. Most Android users are not the top tier IT people who know exactly what an app should and should not be doing. They tend to see an app, tap it, and go from there.

    All and all, the Android permissions are working fine. The app couldn't do much to hide in the system, so someone removing the device admin and then the app resulted in a cleanup. Had the app had root, it could insert itself into a lot more places.

    The problem is that whomever is the curator of the app store [2] in question. There really needs to be at least two tiers with some warning about entering into Mordor for the second tier. Android needs to have default stores like Amazon's that apps are vetted to a strict code before they hit the store. Not just checked with a scanner like the Bouncer, but put up to a higher tier of rules than the free-for-all of the present Google Play store. The reason for the higher standard is to minimize the "developer banned at 9:00, app is back in the store at 10:00 under a different name", which was not uncommon.

    Android is great (and it can be argued that the OS is more secure than iOS when compared side to side [3]); it just needs a beefy gatekeeper enforcing a proper dress code. iOS's security would be significantly weakened without an active gatekeeper, and Apple has done a good job at keeping the nasties out of the Apple ecosystem.

    [1]: The Dancing Bunnies "hole" has defeated many security systems.

    [2]: I wasn't sure if it is Google or what, so using "app store" as a generic term. App Store would likely mean Apple's offering.

    [3]: iOS depends on the "jail" system completely. A rooted Android device does not lessen any security, unless the user decides to let an app through via "Superuser" that shouldn't have root.

  4. Lengthy Process? by rudy_wayne · · Score: 4, Funny

    can only be removed using a lengthy process beyond the skills of a typical android user.

    The "lengthy process" consists of:

    Go to System Settings >> Location and Security >> Select Device Administrators
    Remove "Android System Service"
    Go to System Settings >> Applications >> Manage Applications >> Android System Service
    Choose "Uninstall"

    OMG!!!

    4 steps!!!!!! It's so complicated!!!!!!!!

  5. Re:"Walled garden"? by fuzzyfuzzyfungus · · Score: 5, Insightful

    Apple is quite lucky that that nobody ever weaponized anything back in the good old days of Jailbreakme... In-browser TIFF exploit leading to full root access just by loading a web page.

    Google, of course, is similarly lucky that nobody bothered to do anything wacky during the "yeah, everything you type gets silently dumped to a root shell, why do you ask?" period in early android...

    Punchline is, the state of 'mobile' security(really, security in general) is pretty fucking dire, and the current frenzy to tie as many payment systems as possible to mobile phones is complete insanity, except from the perspective of the bottom lines of the respective payment processors, naturally.

  6. Re:"Walled garden"? by 93+Escort+Wagon · · Score: 4, Interesting

    Amazon apparently still needs to learn this, given the recent Kindle Touch remote root exploit.

    --
    #DeleteChrome
  7. Re:"Walled garden"? by Shoten · · Score: 5, Insightful

    Sorry guys, but he's got a point. The attack vector here is an app that people voluntarily run, and the walled garden has been effective against that. Are there other vectors? Yeah. But that doesn't mean that his point about this one vector is wrong...it's not wrong at all. It took 5 years for the first malicious app to slip past Apple, and even then, the nature of how it all works meant Apple could remove it from everyone's iPhone with a single update. Android can't boast the same, either on the prevention or the remediation side. I don't hold any hate for either side, but this is just simple truth we're talking here. There have been scores of trojaned Android apps, and many for jailbroken iPhones as well...but only one, ever, for standard iPhones.

    --

    For your security, this post has been encrypted with ROT-13, twice.
  8. Re:"Walled garden"? by AK+Marc · · Score: 3, Interesting

    Because capitalism is inherently anti-free market. In free market capitalism, we'd have processors coming in at cost + small% to do the same thing. Instead, we have monopoly based economics, with Visa/MC having a vast majority of the business, and network effects that keep out most competitors. So the price for the service is based on profit maximization, not revenue maximization at a minimum profit level.

    I've seen a $200 box with a patent sell for $50,000+ because the "value" was $50,000 plus, but the patent was obvious and not novel (It was essentially signal cancellation for an expensive piece of communications gear, with court cases about it because two companies patented the same thing at the same time, both valid because the patent office isn't technical enough and the filing periods overlapped so neither was granted before the other was filed, so not previous art for the other).

    --
    Learn to love Alaska
  9. Re:"Walled garden"? by fuzzyfuzzyfungus · · Score: 3, Insightful

    In the context of this article, it's probably worth noting that(even if the iPhone feature described works exactly as advertised) it is aimed at mitigating a completely different class of attack.

    Disk encryption setups aim to protect a lost or stolen device, in the physical custody of the attacker, from revealing whatever information is on the disk. They have no effect when the device is on and operating under the user's credentials(transparency is considered a feature).

    This attack in China is an attack on a live system, using the credentials of the user(or higher) to perform malicious operations as them. Even if the disk were encrypted in a suitably robust way, it'd be happily handing over whatever this bug asked for.