At the moment, the perpetrators are targeting customers of the world's largest mobile provider, China Mobile. The Trojan gains access to the mobile provider's app store and can then download and install additional malware or paid apps. G Data Security Labs thinks it might spread to the rest of the world.
Online criminals have been using the Android malware MMarketPay.A as a new way of making money from e-crime. Previously, malware writers had been focusing on the theft of personal data, spy attacks and sending premium-rate SMSes. Now they have managed to gain access to a mobile provider's app store for the first time. To do this, the malware changes the mobile device's access point name (APN) and connects to China Mobile.
Access points on tablets and smartphones are usually used by mobile providers to provide system up-dates, for example. Here, the Trojan intercepts the confirmation message and provides a response via a special server. The malware can thus access China Mobile's app store without logging in, then purchase and install any apps at the victim's expense at any time.
