Another SMS Trojan Appears on Android Phones

When the trojan is installed, it'll ask you to access Android's messaging system
  • (PC World (US online))
  • — 10 September, 2010 08:15

Kaspersky Labs first announced its detection of what appeared to be the first of several SMS Trojans on Google's Android operating system on August 9th. The application released in Russian markets outside of Google's Android Market, was disguised as a media player. Once installed, the code would send 3 premium SMS messages, effectively transferring the US equivalent of ~$18 from the user to the recipient company.

On Wednesday, Kaspersky Labs expert Denis Maslennikov revealed a new Trojan very similar to the first. Again targeting Russian users, this app is disguised as a pornographic media player. What is interesting is not the recurrence of the premium SMS dialing (sending an SMS to a pay service, such as donation codes for the Red Cross, or ringtone services advertised on Television ), but the method in which installing the app is brought to users attention.

The authors of this particular trojan use a tactic known as search engine poisoning to spread the malware. That is, they crafted Websites specifically to appear near the top of search results for certain search queries. By placing malicious websites at the top of search results, mobile users who are by nature looking for fast easy results are more likely to click through without due diligence of ensuring the top hits are safe. This has been a common theme of PC-based malware and is now a lucrative trend in the mobile domain for an increasingly popular platform.

When the trojan is installed, it'll ask you to access Android's messaging system. If you deny it, the malicious portion of the code will not be allowed to function. It's a lesson in both trusting your application sources, and paying attention to mandatory security prompts for sure.

Remember that once you have given permission to an application, it rarely if ever will need to request permission again. The simple media browser in this case can wantonly send SMS messages whenever it is active, and you will be none the wiser, till you see the bill.

More from PCWorld's GeekTech blog...

* Palm Releases WebOS 2 Details

* Ika-tako Virus Replaces Your Files With Octopus Photos

* Android Game Is a Spy App in Disguise

Follow GeekTech on: Facebook | Twitter | Digg | RSS

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Joshua Stein

PC World (US online)
Topics: Google, security, Google Android, kaspersky lab, malware
Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Compare & Save

Deals powered by WhistleOut
WhistleOut

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?