The new Android-trojan secretly buys the application

Malicious programs for Android, nobody will be surprised. And while Google Play they are quite rare, in the alternative Chinese catalogs dozens or even hundreds of applications are equipped with one or another trojan. Almost all of them made ​​by one PATTERNS: or are sending paid SMS, or steal passwords and send them to a remote server. But now the company TrustGo reported something new : the Chinese catalogs found a Trojan that makes money for its owners through secret purchases of mobile applications and in-game content.
The program was called MMarketPay. Malware is distributed through nine catalogs of software in the Chinese Internet. According to experts, the infected. Apk download, and probably installed on their phones more than 100,000 users. Here is a list of infected programs:
After installing a trojan MMarketPay begins little by little spending money by making purchases in a catalog of software Mobile Market , which is owned by cellular operator China Mobile. Malicious program is able to automatically place orders for paid programs and content. There is one thing: the proof of purchase you must enter the confirmation code on the site that comes to him via SMS. So, the trojan is able to capture SMS and enter the desired code. Additionally, it cuts the image code CAPTCHA, which is also required to enter to confirm the purchase on the site - a picture is sent to a remote server for recognition.
Another interesting point is that the user authorization in the Mobile Market store is performed automatically when a user goes to the Internet through an access point, China Mobile. Therefore, the first Trojan to make changes to the phone settings APN CMWAP. The cost of those purchases deducted from the subscriber's account operator China Mobile.
Below is a snippet MMarketPay, which starts play automatically paid video.

Source: hak-club