Security researchers say they have found the first SMS Trojan targeting Google Android-based devices. According to Kaspersky Lab, the malware, once installed, will send expensive text messages that will pad your bill.
Security researchers are warning users of Google
Android-based devices about the appearance of what may be the first Short Message
Service Trojan targeting their devices. It was originally discovered on a
Russian smartphone news site.
Dubbed Trojan-SMS.AndroidOS.FakePlayer.a, the malware is
being used to ring up charges by sending text messages to premium rate numbers.
According to Denis Maslennikov, senior malware researcher at Kaspersky Lab, the
Trojan passes itself off as a media player named Movie Player.
"During installation, the user is asked to allow this
application to change or delete memory card data, send SMS [messages] and read
the data about the phone and phone ID," Maslennikov wrote on Kaspersky's
Aug. 10. "This is a huge red flag - why does a simple media
player require permission to send SMS messages? - and anyone who's paying
attention during the installation process will immediately be suspicious."
If users install the malware, it will send SMS messages to
two premium-rate numbers, "with each message costing roughly $5. It does
this ... without requiring any confirmation from the device owner,"
According to mobile security vendor Lookout, the Trojan is so far only
affecting "Android smartphone users in Russia and only works on Russian
networks." The company said it has not observed the malware in the
Android Market.
"Our application permissions model
this type of threat," a Google spokesperson told eWEEK. "When
installing an application, users see a screen that explains clearly what
information and system resources the application has permission to access, such
as a user's phone number or sending an SMS. Users must explicitly approve this
access in order to continue with the installation, and they may uninstall
applications at any time. We consistently advise users to only install apps
they trust. In particular, users should exercise caution when installing
applications outside of Android Market."
Lookout recommended that users review their phone bills for premium
SMS messages they did not send. Also, "If you have recently downloaded a
media player, check the permissions to ensure [that] it does not have the
ability to send SMS messages," the company added.
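The permission check Lookout recommends can be scripted for anyone reviewing apps in bulk. The following is an added example, not code from the article, Kaspersky or Lookout; it assumes the app's manifest has already been decoded to plain XML, and the `EXPECTED` policy, the category name and the package name are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Hypothetical review policy: permissions a given kind of app plausibly needs.
EXPECTED = {
    "media_player": {
        "android.permission.WRITE_EXTERNAL_STORAGE",
        "android.permission.WAKE_LOCK",
        "android.permission.INTERNET",
    },
}
# Permissions that can run up charges with no further prompt once granted.
BILLABLE = {"android.permission.SEND_SMS", "android.permission.CALL_PHONE"}

# Constructed sample: a decoded manifest requesting the three permissions
# the article describes (memory card, SMS, phone state/ID).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="org.example.movieplayer">
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Movie Player"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name")
        if name:
            names.add(name.strip())
    return names


def review(manifest_xml, category):
    """Return sorted (severity, permission) findings; HIGH sorts before REVIEW."""
    unexpected = requested_permissions(manifest_xml) - EXPECTED[category]
    return sorted(("HIGH" if p in BILLABLE else "REVIEW", p) for p in unexpected)


if __name__ == "__main__":
    for severity, perm in review(SAMPLE_MANIFEST, "media_player"):
        print(f"{severity:6} {perm}")
```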
"Automatically permitting a new application to access
every service it requests means you could end up with malicious or unwanted
applications doing all sorts of things without requesting any additional
confirmation," Maslennikov warned. "And you won't know anything about