Sunday, February 20, 2011
Newly Discovered Chinese Virus for Android Sends Private Data via SMS
Do you like this story?
NetQin Mobile, one of the leading mobile security software providers has just announced that it has recently identified a new virus on Android devices. According to NetQin, the virus known as “MSO.PJApps” is said to be causing private data leaks and to secretly subscribe users to paid services.
It seems that the virus was repackaged into some of the most popular mobile applications available for download from an application download site in China.
As soon as the user installs the application containing the virus on his mobile device, “MSO.PJApps” will connect to certain sites and start sending text messages containing the mobile device's IMEI number, as well as other data to designated numbers controlled by a remote server,
Besides the above mentioned actions, the virus receives commands from the remote server to download and install software without user's permission, which may lead to unintended service subscription charges.
According to NetQin, “the "MSO.PJApps" virus is injected into legitimate mobile applications and modifies the application entry in Manifest.xml to add certain modules. It is activated in the background with a change in signal and when the relevant program starts automatically.”
“It encrypts the domain names of the site which is connected to. The virus author disguises the malicious URLs as being encrypted with BASE64, while the URLs are actually encrypted with an algorithm designed by himself,” concluded the Mobile Security Center of NetQin Mobile Inc.
The mobile software security developer that identified the virus also found a solution to the threat within 12 hours and updated its virus database to ensure that Android device users are protected against the intrusion.
Even though the virus seems to be limited to Chinese market for the moment, there's no telling if this spreads to other application markets
It seems that the virus was repackaged into some of the most popular mobile applications available for download from an application download site in China.
As soon as the user installs the application containing the virus on his mobile device, “MSO.PJApps” will connect to certain sites and start sending text messages containing the mobile device's IMEI number, as well as other data to designated numbers controlled by a remote server,
Besides the above mentioned actions, the virus receives commands from the remote server to download and install software without user's permission, which may lead to unintended service subscription charges.
According to NetQin, “the "MSO.PJApps" virus is injected into legitimate mobile applications and modifies the application entry in Manifest.xml to add certain modules. It is activated in the background with a change in signal and when the relevant program starts automatically.”
“It encrypts the domain names of the site which is connected to. The virus author disguises the malicious URLs as being encrypted with BASE64, while the URLs are actually encrypted with an algorithm designed by himself,” concluded the Mobile Security Center of NetQin Mobile Inc.
The mobile software security developer that identified the virus also found a solution to the threat within 12 hours and updated its virus database to ensure that Android device users are protected against the intrusion.
Even though the virus seems to be limited to Chinese market for the moment, there's no telling if this spreads to other application markets
This post was written by: Rishikesh
Rishikesh is a 17 years old part time blogger, web designer and front end web developer. Follow him on Twitter
Subscribe to:
Post Comments (Atom)
0 Responses to “Newly Discovered Chinese Virus for Android Sends Private Data via SMS”
Post a Comment