First SMS trojan for Android detected

Android Logo

Security specialist Kaspersky is reporting that it has detected the first SMS trojan for Android. Once installed, the malware masquerades as a media player and secretly sends out SMS messages to premium rate numbers. The trojan, called Trojan-SMS.AndroidOS.FakePlayer.a, is disseminated as an individual, 13-Kbyte .apk file rather than via the Android Market – some user interaction is required to inject it into a system.

Initially, the user’s settings must allow the installation of software from unknown sources – this option is disabled by default. Secondly, the user has to confirm the access rights to resources and data requested by the app during installation – and a media player requesting the right to send SMS messages should make users suspicious. However, these prerequisites don’t necessarily represent insurmountable obstacles for a trojan, especially if users think they are installing a particularly fantastic ‘must have’ application.

Kaspersky doesn’t say which web pages offer the bogus media player to download, nor does the vendor give any actual distribution figures or regional information.

However, SMS trojans and other malicious Android programs aren’t an entirely new idea. Sporadic SMS trojans have been making the rounds on Symbian smartphones for quite a while, and Android has already been plagued by spyware and online banking trojans before. Instead of installing a virus scanner on their smartphones, users should be cautious when presented with overly promising applications. Speaking of caution: According to a survey conducted by Kaspersky, 36% of smartphone users consider mobile internet services more dangerous than surfing on a PC, and 38% use their mobile to go online at least once a day.

Source.

Advertisements
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: