Authored by:

Malware Alert: MMarketPay Trojan Buys Paid Apps Without Permission

Authored by: Eric McBride — Jul 9, 2012
User picture

 

I’m certainly not a fan of fear mongering, but when a threat comes along that’s specifically designed to take your hard earned money without you knowing it, I feel its worth the heads up. Unfortunately, that’s exactly what a new Android Trojan called MMarketPay does, and it has already reportedly left over 100,000 users out of pocket and very angry.

TrustGo security firm has reported that the Trojan has already spread to 9 app stores, and can be found in multiple applications that appear to be legit. Weather apps, travel apps, and streaming media apps have already been effected, and so far over 100,000 users have been plagued with the rogue code.

The way the trojan works is actually a bit scary. Once downloaded onto your device, it secretly buys apps from China’s Mobile Market WITHOUT informing the user. The trojan is apparently able to intercept China Mobile’s verification SMS without the user ever seeing it, and then posts the code to the Mobile Market to complete the transaction. Even if a CAPTCHA is required, the trojan even goes as far as to send the image to a remote server for analyses. So far, the app stores affected are all in China.

To keep from being affected by this malware, experts state that users should only purchase apps from trusted app stores, but even if you do, we all know that there is still no guarantee that you’ll never see malware on your device. 

Be safe out there guys, and always be careful before you press that download button. 

Picture credits: android-tipstricks.blogspot.de

Source: The Register

4 comments

Write new comment: