Security researchers are warning of yet another Android malware outbreak which has spread to nine app stores and infected 100,000 with code designed to covertly purchase apps and content from China Mobile’s Mobile Market.Nampaknya ini bukan kali pertama yang berlaku di China dan ia tidak akan menjadi yang terakhir. Bersandarkan kepada fakta pasaran telefon pintar yang baru dan bilangan pengguna yang membuat ia amat menarik untuk dibangunkan malware seperti ini.
Mobile security firm TrustGo explained that the MMarketPay.A Trojan could be hidden in a number of legitimate-looking applications, including those from Sina and media streaming company Funinhand, as well as travel and weather apps.
The malware has already been placed in nine different third party Android app markets in China, infecting over 100,000, the firm said.
Once downloaded, the Trojan will automatically place orders for paid content and apps at China Mobile’s official Mobile Market online store without informing the user.
It is able to intercept China Mobile’s verification SMS and post the code to the Mobile Market web site in order to complete the purchase, said TrustGo.
In the event of CAPTCHA being triggered at this stage, the malware will apparently send the relevant image to a remote server for analysis.
The advice from the security experts at TrustGo is for users to only download Android apps from trusted app stores and to have some form of real-time mobile security scanner installed on their device to prevent any dodgy downloads.
China telah dibanjiri dengan telefon bimbit dan tablet Android yang murah, dan tidak mustahil lebih banyak ancaman seperti ini yang akan datang dari sana.
The advice from the security experts at TrustGo is for users to only download Android apps from trusted app stores and to have some form of real-time mobile security scanner installed on their device to prevent any dodgy downloads.Jadi, jika anda tinggal di China dan menggunakan telefon bimbit Android sila berhati-hati dan dalam keadaan selamat.
Visiting an apparently legit app store is no guarantee you’re going to get a malware-free experience, however. Malware is frequently turning up on the official Android marketplace Google Play – although admittedly less frequently than on some of the more dubious third party sites.
The latest discovery came at the tail end of last week when researchers found malware that lifts the victim’s location data and address book info. China in particular has been a hotbed of malicious Android activity for some time.
In April, the Chinese authorities were forced to publically reprimand the country’s two biggest mobile carriers, China Mobile and China Telecom, after uncovering “many problems” in their respective app stores. Globally too, Android continues to be a favourite with cyber criminals.
Walaupun terdapat beberapa kelemahan yang tidak serius seperti kelemahan Abobe Flash tetapi ianya tetap meletakan telefon Android anda pada risiko serangan malware ini atau malware yang lain.
Paling menakutkan adalah malware bijak ini telah dibangunkan untuk membuat pesanan, memintas SMS pengesahan dan menyediakan kembali ke kedai aplikasi android.
Sumber artikel : http://www.theregister.co.uk/2012/07/09/android_trustgo_china_mobile/
No comments:
Post a Comment