A 19-year-old Chinese hacker known only as “Li” was apprehended last week by authorities in Shenzhen, China, after unleashing a set of malware-laced apps for the Android platform that spread like wildfire throughout the region within 24 hours of their initial release.
The mobile program, which poses as a sort of dating app that hooks you up with local singles in the area, is actually a piece of particularly devious malware which is able to distribute itself by automatically texting a malicious link to the first 99 users on your contact list.
The link then downloads the same app to their phones, which daisy-chains outward and grows at an exponential rate. The whole process takes place in the background without the user noticing, which would explain how the problem became so pervasive in such a short amount of time.
Chinese mobile telephone operators, including China Mobile, China Unicom, and China Telecom, have already reportedly blocked over 20 million messages, with “at least 100,000 phones infected” in just one day alone.
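The propagation pattern described above (one handset pushing the same link to dozens of contacts in a burst) is exactly what a carrier or device-management log pipeline can flag. The following is an added example, not code from the original article or from any vendor; the log format, phone numbers and URL are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

URL_RE = re.compile(r"https?://\S+")

def parse_sms_log(lines):
    """Parse constructed 'ISO-timestamp|sender|recipient|body' records."""
    out = []
    for line in lines:
        ts, sender, recipient, body = line.split("|", 3)
        out.append((datetime.fromisoformat(ts), sender, recipient, body))
    return out

def find_sms_worm_bursts(records, min_recipients=20, window=timedelta(minutes=10)):
    """Flag senders that push the same URL-bearing text to >= min_recipients
    distinct numbers inside `window`. Returns {sender: peak distinct recipients}."""
    events = defaultdict(list)                # (sender, body) -> [(ts, recipient)]
    for ts, sender, recipient, body in records:
        if URL_RE.search(body):               # only messages carrying a link matter
            events[(sender, body)].append((ts, recipient))
    flagged = {}
    for (sender, _body), evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):           # sliding time window over the burst
            while evs[end][0] - evs[start][0] > window:
                start += 1
            seen = {r for _, r in evs[start:end + 1]}
            if len(seen) >= min_recipients:
                flagged[sender] = max(flagged.get(sender, 0), len(seen))
    return flagged

def build_sample_log():
    """Constructed sample: one infected handset blasting 99 contacts with the
    same lure link in under two minutes, plus benign traffic that must not fire."""
    base = datetime(2012, 7, 1, 9, 0, 0)
    lure = "Meet singles near you: http://example.invalid/heart.apk"  # placeholder URL
    lines = []
    for i in range(99):                       # worm burst from one handset
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()}|+8613800000001|+861390000{i:04d}|{lure}")
    for i in range(3):                        # a person sharing one link with 3 friends
        ts = base + timedelta(minutes=i)
        lines.append(f"{ts.isoformat()}|+8613800000002|+861380000{i:04d}|look http://example.invalid/pic")
    for i in range(40):                       # bulk greeting with no link at all
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()}|+8613800000003|+861370000{i:04d}|Happy holiday!")
    return lines
```

The thresholds are deliberately conservative so that a person forwarding a link to a handful of friends is not flagged; only an identical link fanned out to many distinct numbers in a short window is.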
The app doesn’t contain any real dating functionality of course, a reality that users can only confront after it’s already too late and their phone has become a personal botnet for Li and his constantly multiplying mass of mobile minions.
Android has been on the hunt for all things illicit over the past several months, touting the capabilities of its Bouncer service while also combing through its app catalog to manually root out any offenders that try to infect users through malicious means.
Paul Ducklin of Sophos Security elaborated on why the problem had spread so quickly, in a blog post published on the company’s website shortly after the Chinese police’s first announcement.
“With Google Play not officially available in China, alternative Android markets have flourished, and, by all accounts, Chinese users are accustomed to running their Android phones with the Allow installation of apps from unknown sources option enabled,” Ducklin explained.
Because Bouncer is nowhere to be found on these underground markets, users run the risk of exposing themselves and their devices to the outside world. Although many of the most popular games and apps can be found there for free, Chinese Android owners have to decide whether the reduced price tag is worth the risk of losing their data in return.
HeartApp also uses a creative trick to get users to install a second piece of malware: it offers an extra “resource pack” from within the app itself. That second component adds another layer of problems and can make the whole ordeal noticeably worse if the phone’s owner doesn’t step in with a proper intervention plan early in the removal process.
“There’s another trick in the virus, because it asks you to install a secondary component (another malware package that is bundled inside the virus itself).
Controlling the secondary install via malware that is already running means the malware author can make this secondary component trickier to remove later – for example, it doesn’t show up on the regular Apps page.”