China Mobile malware melds techniques to run up premium charges

Android malware in China is nothing new, and premium service malware samples have been present on mobile platforms for years. So why is a new report on a China Mobile Android infection raising eyebrows?

Researchers at Trend Micro have found a Trojan application believed to be making the rounds in China which combines premium service abuse with word matching. The result is an infection which can specifically target which services to subscribe to, and even conceal itself based on the words people type in text messages.

The security firm explained that the malware writers use the old infection technique of bundling an otherwise legitimate application with a Trojan component. Once installed on the victim's handset, the infection begins monitoring text messages.

Rather than steal data from the messages or send spam to the contacts list, the malware waits for the victim to receive spam messages advertising premium services. The malware checks for keywords commonly used by the premium service texts, and then automatically replies with a confirmation message that subscribes the victim to the premium service.

The researchers also believe that the malware uses text recognition tools to cover its trail. Messages sent from numbers commonly associated with premium services are automatically deleted by the malware, preventing the victim from knowing that a spam message was ever sent.

The technique is a clear reminder that mobile malware differs in many ways from its PC counterparts. As we use our handsets in ways we never used our desktop computers, malware writers will develop unique ways to infect victims and extract money.

In the meantime, Apple's draconion App Store controls don't seem so bad ...