08-11-2014 12:08 PM
This is a tricky one. I installs from a link "sent" from a friend who's phone has already been compromised, it then sends itself to the first 99 of your contacts followed by a second stage where it installs a trojan which will steal Personally Identifiable Information.
by Paul Ducklin on August 11, 2014
SophosLabs has been following an interesting Android malware story over the past week.
The malware goes by the name XX神器 (XXshenqi) in Chinese, or the Heart App, as it calls itself in English.
In theory, the implication seems to be that you can use the app, which you receive as an SMS invitation from one of your friends, to organise a romantic hook-up.
In practice, however, you and your friends will just end up with SMS headaches.
08-12-2014 03:58 PM
On Aug 3rd, Chinese social media websites reported on the latest and largest SMS phishing (smishing for short) attack in China. The public security authorities of multiple cities in Guangdong, Jiangxi, and Jiangsu provinces have posted on their blogs warning Android users of this latest phishing attempt. As shown in Fig. 1, by the time the exploitation attempts were identified, over 100,000 Android users were infected and over 20 Million SMS were sent by the phishing malware. On average, each user was charged ¥30 (RMB) or about US$5.
Fig. 1. Timeline of the XXShenqi malware infecting over 100,000 Android users