The program was called MMarketPay. Malware is distributed through nine catalogs of software in the Chinese Internet. According to experts, the infected. Apk download, and probably installed on their phones more than 100,000 users. Here is a list of infected programs:
com.mediawoz.goweathercom.mediawoz.gotqcom.mediawoz.gotq1cn.itkt.travelskygocn.itkt.travelskycom.funinhand.weibosina.mobile.tianqitongcom.estrongs.android.popAfter installing a trojan MMarketPay begins little by little spending money by making purchases in a catalog of software Mobile Market , which is owned by cellular operator China Mobile. Malicious program is able to automatically place orders for paid programs and content. There is one thing: the proof of purchase you must enter the confirmation code on the site that comes to him via SMS. So, the trojan is able to capture SMS and enter the desired code. Additionally, it cuts the image code CAPTCHA, which is also required to enter to confirm the purchase on the site - a picture is sent to a remote server for recognition.
Another interesting point is that the user authorization in the Mobile Market store is performed automatically when a user goes to the Internet through an access point, China Mobile. Therefore, the first Trojan to make changes to the phone settings APN CMWAP. The cost of those purchases deducted from the subscriber's account operator China Mobile.


Source: hak-club