Even though malicious Android apps can occasionally be found on Google Play, Chinese third-party online Android markets are known for offering them by the hundreds, if not thousands.
Most of them do one of two things: collect personal and device information, or send out pricy messages to premium rate numbers. But now and then, an app that doesn't follow that pattern crops up.
Researchers of mobile security company TrustGo have recently unearthed a new type of Android malware whose goal is to surreptitiously buy apps and other content from China Mobile’s Mobile Market without alerting and needing the permission of the user.
Dubbed MMarketPay, the Trojan comes repackaged with a number of legitimate travel and weather apps, and is currently offered on no less than nine online Chinese Android markets.
According to the researchers, it has already been downloaded and likely installed by more than 100,000 users.
The malicious apps takes advantage of the easily subverted Mobile Market's payment workflow
Read more: https://www.net-security.org/malware_news.php?id=2179