Hackers Hijack 1 Million China Cell Phones

Zombie text sending malware is racking up $300,000 in charges per day.

Mathew J. Schwartz, Contributor

November 10, 2010

2 Min Read
Dark Reading logo in a gray background | Dark Reading

How Firesheep Can Hijack Web Sessions

How Firesheep Can Hijack Web Sessions


(click image for larger view)
Slideshow: How Firesheep Can Hijack Web Sessions

More than 1 million cell phone users in China has been infected with a virus that automatically sends text messages, and the attack is costing users a combined 2 million yuan ($300,000 U.S.) per day.

According to Shanghai Daily, "the 'zombie' virus, hidden in a bogus antivirus application, can send the phone user's SIM card information to hackers, who then remotely control the phone to send URL links."

Some of the dispatched text messages contain links to more viruses. Click the link, and your phone could likewise be infected. Other text messages get automatically dispatched to premium-rate phone numbers, generating profits for the attackers while draining subscribers' accounts.

Mobile security expert Zou Shihong at Beijing University Posts and Telecommunications likened the new attack to a pyramid scheme, since by texting everyone in an infected user's address book, the malicious code has the potential to spread exponentially.

According to Zhou Yonglin, an official with China's National Computer Network Emergency Response Team, about 1 million cell phones had been infected since the beginning of September, and mobile operators were having difficulty eradicating the malicious application, owing to the breakneck pace of new variations appearing.

The cell phone virus attack mirrors the Troj/SymbSms-A malware seen earlier this year, which infects Symbian phones. That particular attack targeted Russian cell phone subscribers, infecting their phones with a virus that automatically texted premium-rate Russian phone numbers.

Expect an increase in the number of viruses that target cell phones for profit, according to a recent analysis of mobile device security trends from security vendor Imperva. "We expect exponential growth in the number of incidents related to mobile devices in the next few years... from theft or compromise of information in these devices, through massive infection campaigns, and up to frequent [exploits] of the vulnerabilities introduced into the server side."

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Contributor

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

See more from Mathew J. Schwartz
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars

Editor's Choice

A woman sitting at a laptop and holding a mobile device, the screens of both displaying a green check mark in a circle
Cyberattacks & Data Breaches
Researchers Crack Microsoft Azure MFA in an HourResearchers Crack Microsoft Azure MFA in an Hour
byElizabeth Montalbano, Contributing Writer
Dec 11, 2024
4 Min Read
The words "zero-day" written in a line of code on a computer screen
Application Security
Microsoft NTLM Zero-Day to Remain Unpatched Until AprilMicrosoft NTLM Zero-Day to Remain Unpatched Until April
byJai Vijayan, Contributing Writer
Dec 9, 2024
3 Min Read
A patchwork quilt
Application Security
Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch TuesdayMicrosoft Fixes Active Zero-Day, Critical RCEs on Patch Tuesday
byTara Seals, Managing Editor, News, Dark Reading
Dec 10, 2024
5 Min Read
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers