Chinese AV Sellers Accused Of Bundling Malware

A Chinese mobile security firm has been accused of bundling viruses with its anti-malware software in an expose aired on Chinese state-run television.

The expose claims the company NetQin partnered with another mobile software firm, Feiliu, to deliberately infect smartphones with malware and then charge users for removing it, according to CNET’s Asian blog Sinobytes. The expose was first aired on a state-run Chinese Central Television programme on March 15, according to the blog.

NetQin sells its mobile security app for various platforms in at least three Chinese network app stores. The country’s three major cellular communications companies – China Mobile, China Telecom and China Unicom – have blocked sales of the software through their app stores for the time being pending further investigation, according to both Asian branches of ZDNet and CNET. The carriers have also stopped all payment processes, preventing NetQin from charging customers for the updates on their phone bills.

Inherent Malware Or Deliberate Trojan?

When users downloaded and installed the NetQin antivirus application on their device, it allegedly downloaded the malware from Feiliu. It is unclear at this time whether Feiliu is a legitimate tool that happened to be malware-ridden or if it was a stand-alone virus.

It may even be four non-malicious files that just slowed down the phone’s performance and NetQin would just delete the benign files to fix the repair, according to ZDNet China (via Google Translate). Once downloaded, NetQin detected the Feiliu malware, triggered an alert and instructed users to download an update to remove the problem, CNET Asia reported. Users were charged 2 RMB, or $0.30, for downloading the update to restore the phone to normal.

The NetQin app also uninstalled other antivirus software that may already be on the device. The malware infection affected only the Java-based version of NetQin’s app running on phones from such makers as Nokia and Sony Ericsson, according to reports. Android users did not receive an alert from NetQin and were unaffected by the malware.

Both Feiliu and NetQin have denied the accusations and criticised CCTV for “inaccurate reporting.” Feiliu declined to comment and have not issued any formal statement.

“NetQin has strong ethical standards and abides by all applicable industry rules and regulations. The allegations waged against us are entirely false,” the company said in an email to eWEEK.

Major Player In Security Market

A Frost & Sullivan white paper on China’s mobile security market found that NetQin had the largest share, at 67.7 percent. NetQin filed for a $100 million initial public offering on the New York Stock Exchange on March 15. Piper Jaffray is underwriting the IPO, according to Reuters.

NetQin previously found and alerted users to one of the earliest Android Trojans in the Chinese app market, HongTouTou.

According to an article on Chinese news portal Sohu (via Google Translate), Xinhua, the state-run news agency, reported that the two companies are under investigation by the Ministry of Industry and other departments on embezzlement charges.

NetQin is preinstalled by default on various Nokia models in China and used to be available through the company’s Ovi app store. Nokia has allegedly severed ties with the firm, according to ZDNet Asia. NetQin was no longer available in the Ovi store as of March 24, eWEEK confirmed. Nokia did not respond to requests for comment.

According to the ZDnet China article, NetQin is Feiliu’s second largest shareholder and the two companies have a strategic partnership.