A malicious SMS-stealing Android Trojan that portrays itself as a security feature for the Chinese online payment application AliPay has recently been discovered.
The Android malware was detected by Zscaler ThreatLabz while carrying out an analysis of customer protection from mobile threats. According to Zscaler, the app poses as “security controls” and tricks its users into thinking that it enhances the security of the AliPay app.
AliPay is a third-party online payment platform with no transaction fees. More than 300 merchants worldwide use it. It currently supports transactions in 14 major foreign currencies and more than 65 financial institutions, including Visa and MasterCard. AliPay is also considered the PayPal of the East.
As soon as the app is installed, it hides itself and its icon disappears. Upon installation, the malware registers Android services and steals SMS messages, which are then forwarded to the Command and Control (C&C) server.
“We urge users to not trust any unknown links received via messages or emails,” said the research team at Zscaler. “Additionally, disable the option of ‘unknown sources’ under settings. We always suggest that our customers (and everyone) do not trust apps from unknown parties and only download items from the official app stores that are trustworthy, like Google’s Play store.”
A brief account of the Android malware app follows:
App name (app label) : 安全控件
MD5 : fad55b4432ed9eeb5d7426c55681586c
Package name : com.bing.receive
VirusTotal detection : 2/55 (at the time of analysis)
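The behaviour described above (SMS capture, registered services, forwarding to a server) leaves traces in an app's manifest, so a decoded AndroidManifest.xml can be triaged for it. The following is an added example, not code from Zscaler or from the sample: the manifest is constructed, the component names `.Main`, `.SmsReceiver` and `.UploadService` are hypothetical, and the permission set is an assumption about how such an app would be declared.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"
IOC_PACKAGE = "com.bing.receive"  # package name reported on this page

# Constructed sample manifest (hypothetical components, not the real sample).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.bing.receive">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="security controls">
    <activity android:name=".Main">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".UploadService"/>
    <receiver android:name=".SmsReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return a list of findings for a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    if root.get("package") == IOC_PACKAGE:
        findings.append("ioc-package")
    if perms & SMS_PERMS and "android.permission.INTERNET" in perms:
        findings.append("sms-plus-internet")  # can read SMS and reach a server
    for rcv in root.iter("receiver"):
        actions = {a.get(ANDROID + "name") for a in rcv.iter("action")}
        if SMS_ACTION in actions:
            findings.append("sms-receiver:" + rcv.get(ANDROID + "name", "?"))
    services = [s.get(ANDROID + "name", "?") for s in root.iter("service")]
    if services and any(f.startswith("sms-receiver") for f in findings):
        findings.append("background-service:" + ",".join(services))
    return findings
```

Icon hiding is typically done at runtime and does not show up in this static check, so a clean result here does not rule it out.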
The full technical details of the malware app can be read here.