An unnamed 19-year-old software engineering student, identified only as "Li," was arrested just 17 hours after his "Heart App" Google Android malware infected more than 100,000 phones. The malware was able to spread so quickly by relying on the contact lists of compromised devices, with users downloading the fake app, which then sent out a text urging users to download the app as well.
Chinese wireless carriers were quick to block more than 20 million infected messages from being sent out to new users. The 19-year-old will be identified following completion of the investigation by Shenzhen police, where the student went for vacation. It seems the custom malware was designed just as proof of his ability to write code.
To uninstall the malware, Sophos recommends the following: head to Settings | Apps | Downloaded and uninstall XXshenqi app.