It seems that the virus was repackaged into some of the most popular mobile applications available for download from an application download site in China.
As soon as the user installs the application containing the virus on his mobile device, “MSO.PJApps” will connect to certain sites and start sending text messages containing the mobile device's IMEI number, as well as other data to designated numbers controlled by a remote server,
Besides the above mentioned actions, the virus receives commands from the remote server to download and install software without user's permission, which may lead to unintended service subscription charges.
According to NetQin, “the "MSO.PJApps" virus is injected into legitimate mobile applications and modifies the application entry in Manifest.xml to add certain modules. It is activated in the background with a change in signal and when the relevant program starts automatically.”
“It encrypts the domain names of the site which is connected to. The virus author disguises the malicious URLs as being encrypted with BASE64, while the URLs are actually encrypted with an algorithm designed by himself,” concluded the Mobile Security Center of NetQin Mobile Inc.
The mobile software security developer that identified the virus also found a solution to the threat within 12 hours and updated its virus database to ensure that Android device users are protected against the intrusion.
Even though the virus seems to be limited to Chinese market for the moment, there's no telling if this spreads to other application markets.
For those who wish to protect their devices against such threats NetQin Mobile Anti-virus for Android is available as a free download from Here
No comments:
Post a Comment