Chinese mobile security firm NetQin has been accused of partnering with software company Feiliu in bundling malware with antivirus applications and charging users before removing the malware.
A Chinese mobile security firm has been accused of bundling viruses with its
anti-malware software in an expose aired on Chinese state-run television.
The expose claims the company, NetQin, partnered with another mobile
software firm Feiliu to deliberately infect smartphones with malware and then
charge users for removing it, according to CNET's
Asian blog Sinobytes. The expose was first aired on a state-run Chinese Central
Television program on March 15, according to the blog.
NetQin sells its mobile security app for various platforms in at least three
Chinese network app stores. The country's three major cellular communications
companies-China Mobile, China Telecom and China Unicom-have blocked sales of
the software through their app stores for the time being pending further
investigation, according to both Asian branches of ZDNet and CNET.
The carriers have also stopped all payment processes, preventing NetQin from
charging customers for the updates on their phone bills.
When users downloaded and installed the NetQin antivirus application on
their device, it allegedly downloaded the malware from Feiliu. It is unclear at
this time whether Feiliu is a legitimate tool that happened to be
malware-ridden or if it was a stand-alone virus.
It may even be four nonmalicious files that just slowed down the phone's
performance and NetQin would just delete the benign files to fix the repair,
according to ZDNet
China (via Google Translate)
. Once downloaded, NetQin detected the Feiliu
malware, triggered an alert and instructed users to download an update to
remove the problem, CNET
reported. Users were charged 2 RMB, or $0.30, for downloading the
update to restore the phone to normal.
The NetQin app also uninstalled other antivirus software that may already be
on the device. The malware infection affected only the Java-based version of
NetQin's app running on phones from such makers as Nokia and Sony Ericsson,
according to reports. Android users did not receive an alert from NetQin and
were unaffected by the malware.
Both Feiliu and NetQin have denied the accusations and criticized CCTV for "inaccurate
reporting." Feiliu declined to comment and have not issued any
strong ethical standards and abides by all applicable industry rules and
regulations. The allegations waged against us are entirely false," the
company said in an e-mail to eWEEK.
A Frost & Sullivan white paper on China's
mobile security market found that NetQin had the largest share, at 67.7
percent. NetQin filed for a $100 million initial public offering on the New
York Stock Exchange on March 15. Piper Jaffray is underwriting the IPO,
according to Reuters.
NetQin previously found and alerted users to one of the earliest Android
Trojans in the Chinese app market, HongTouTou
According to an article on Chinese news portal Sohu
(via Google Translate)
, Xinhua, the state-run news agency, reported that
the two companies are under investigation by the Ministry of Industry and other
departments on embezzlement charges.
NetQin is preinstalled by default on various Nokia models in China
and used to be available through the company's Ovi app store. Nokia has
allegedly severed ties with the firm, according to ZDNet Asia. NetQin was no
longer available in the Ovi store as of March 24, eWEEK confirmed. Nokia did
not respond to requests for comment.
According to the ZDnet China article, NetQin is Feiliu's second largest
shareholder and the two companies have a strategic partnership.