MSO.PJApps Virus Makes Android Devices Vulnerable to Security Threats, Quietly Subscribes to Fee-charging Services

Written By Sam on 5 January 2011
Advertisements

Security service provider NetQin Mobile has revealed that a new virus named MSO.PJApps is targeting Android devices. The virus leaks private data and surreptitiously subscribes to fee-based services without the user’s knowledge.

Reports suggest the virus crept into a popular app download site in China recently and has been causing damage since then. Once it finds its way into your handset, it will link up automatically to certain rogue sites and send SMSes including your device’s IMEI number and similar crusial data to selected numbers controlled by a remote server.

Soon the virus will enable your device to receive commands from the remote server, quietly downloading and installing software while you stay blissfully unaware of any foul play. Most victims come to know of the virus’ existence in their devices only when they get intimations to pay up for services they have never subscribed to. In days of mobile banking, having your device open to security threats can cause a lot of damage.

Here’s more about the virus from NetQin Mobile:

“The ‘MSO.PJApps’ virus is injected into legitimate mobile applications and modifies the application entry in Manifest.xml to add certain modules. It is activated in the background with a change in signal and when the relevant program starts automatically. It encrypts the domain names of the site which is connected to. The virus author disguises the malicious URLs as being encrypted with BASE64, while the URLs are actually encrypted with an algorithm designed by himself…”

In view of this new security issue being faced by Android users, NetQin is understood to have updated its mobile security solution immediately to ensure its users are not vulnerable to such attacks. The company also suggests some ways to protect your mobile device from viruses. They include:

  • Downloading applications only from trusted sources, reputable application stores and markets, and ensuring you check reviews, ratings and developer information before downloading any software.
  • Avoiding blind acceptance of application requests. You should closely monitor permissions requested by any application; an application should not request permission to do more than what it offers in its official list of features.
  • Downloading a trusted security application that can scan the applications being downloaded onto any mobile device.

Leave your response!