First Google Android SMS Trojan Found, Researchers Report

 
 
By Brian Prince  |  Posted 2010-08-10
 
 
 

Security researchers are warning users of Google Android-based devices about the appearance of what may be the first Short Message Service Trojan targeting their devices. It was originally discovered on a Russian smartphone news site.

Dubbed Trojan-SMS.AndroidOS.FakePlayer.a, the malware is being used to ring up charges by sending text messages to premium rate numbers. According to Denis Maslennikov, senior malware researcher at Kaspersky Lab, the Trojan passes itself off as a media player named Movie Player.    

"During installation, the user is asked to allow this application to change or delete memory card data, send SMS [messages] and read the data about the phone and phone ID," Maslennikov wrote on Kaspersky's Securelist blog Aug. 10. "This is a huge red flag-why does a simple media player require permission to send SMS messages?-and anyone who's paying attention during the installation process will immediately be suspicious."

If users install the malware, it will send SMS messages to two premium-rate numbers, "with each message costing roughly $5. It does this ... without requiring any confirmation from the device owner," Maslennikov wrote.

According to mobile security vendor Lookout, the Trojan is so far only affecting "Android smartphone users in Russia and only works on Russian networks." The company said it has not observed the malware in the Android Market.

"Our application permissions model protects against this type of threat," a Google spokesperson told eWEEK. "When installing an application, users see a screen that explains clearly what information and system resources the application has permission to access, such as a user's phone number or sending an SMS. Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time. We consistently advise users to only install apps they trust. In particular, users should exercise caution when installing applications outside of Android Market."

Lookout recommended that users review their phone bills for premium SMS messages they did not send. Also, "If you have recently downloaded a media player, check the permissions to ensure [that] it does not have the ability to send SMS messages," the company added.

"Automatically permitting a new application to access every service it requests means you could end up with malicious or unwanted applications doing all sorts of things without requesting any additional confirmation," Maslennikov warned. "And you won't know anything about it."

Rocket Fuel