The growing popularity of Android and the tendency of users to store important data on their mobile phones are attracting many hackers. They are targeting users of Google's Android mobile operating system with malicious applications that harvest personal information, control the system and send the data to a remote server.
We have received one such malware sample targeting Chinese Android users. It uses an SMS-based subscription system to sign users up for certain services without their knowledge and consent, causing the user financial loss.
In China, SMS-based subscription involves three stages.
1: A user sends a service-subscribing SMS message to a service provider.
2: The service provider replies with a service-confirming SMS message that contains detailed information of the service back to the user.
3: The user needs to confirm the subscription by replying with another SMS message with certain content such as “Y”. If the user does not reply, it means they do not wish to sign up for the service.
This malware confirms subscription to premium SMS services without user acknowledgment or confirmation and this can cause financial loss.
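The three-stage flow above gives defenders a simple behavioural signal: a stage-3 "Y" reply that follows a provider's stage-2 message but was not sent by the user. The following detection sketch is an added example, not code from the original analysis; the `SmsEvent` fields (including `user_initiated`), the time window and all sample numbers and texts are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class SmsEvent:
    ts: float                     # seconds since start of capture
    direction: str                # "in" or "out"
    peer: str                     # remote number
    body: str
    user_initiated: bool = False  # hypothetical field: True if the user pressed send

CONFIRM_TOKENS = {"y"}  # the page names "Y"; extend for other providers
WINDOW = 300.0          # assumed: max seconds between stage 2 and stage 3

def is_confirmation(body):
    # The reply may carry extra text, so match "Y" as a whole token.
    return any(tok.lower() in CONFIRM_TOKENS for tok in body.split())

def find_silent_confirmations(events):
    """Return stage-3 replies sent to a provider without user action."""
    last_inbound = {}  # peer -> time of latest stage-2 message
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.direction == "in":
            last_inbound[ev.peer] = ev.ts
            continue
        seen = last_inbound.get(ev.peer)
        answers_provider = seen is not None and ev.ts - seen <= WINDOW
        if is_confirmation(ev.body) and answers_provider and not ev.user_initiated:
            alerts.append(ev)
    return alerts

# Constructed sample events (numbers and texts are made up).
SAMPLE = [
    SmsEvent(0, "out", "10660001", "SUB NEWS"),
    SmsEvent(5, "in", "10660001", "Reply Y to confirm NEWS, 5 yuan/month"),
    SmsEvent(6, "out", "10660001", "Y"),                       # silent: flagged
    SmsEvent(100, "out", "10660002", "SUB WX", True),
    SmsEvent(110, "in", "10660002", "Reply Y to confirm WX"),
    SmsEvent(150, "out", "10660002", "Y", True),               # user confirmed
    SmsEvent(200, "out", "13800000000", "Y"),                  # no stage-2 message
    SmsEvent(300, "in", "10660003", "Reply Y to confirm"),
    SmsEvent(1000, "out", "10660003", "y ok"),                 # outside window
]

if __name__ == "__main__":
    for ev in find_silent_confirmations(SAMPLE):
        print(f"silent confirmation to {ev.peer} at t={ev.ts}: {ev.body!r}")
```

Only the reply to the first provider is flagged; the user-confirmed reply, the "Y" with no preceding provider message and the late reply are left alone.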
After installation, its icon looks like this:
During installation, it asks the user for the following permissions:
The malware sends the confirmation, mentioning the name of the user along with the text ‘Y’, to complete the process:
The malware then sends an SMS with confirmation to the service provider:
Quick Heal Mobile Security detects this malware as Android.RogueSPPush.A.