Android growth spurs new mobile malware, SMS Trojan discovered

Status
Not open for further replies.

KSoD

Call me Mak or K, Mod Emeritus
Messages
35,645
Location
C:\
Security researchers at Kaspersky Lab announced the first malware for the Android operating system to be classified as a Trojan-SMS, the most widespread type of malware on mobile phones.
The malware is disguised as a media player application with the standard Android .APK file extension. When the 13KB file is installed, the mobile device will start to send SMS messages to premium numbers which incur charges on the user's account.
Because Android is growing at such an explosive rate, and users are storing an increasing amount of important data on their mobile phones, the platform is an attractive one for renegade application makers.
"We can expect to see a corresponding rise in the amount of malware targeting [Android]," Denis Maslennikov, Mobile Research Group Manager at Kaspersky Lab said in a blog posting Monday. "Kaspersky Lab is actively developing technologies and solutions to protect this operating system and plans to release Kaspersky Mobile Security for Android in early 2011."
The company has profiled the malware as "Trojan-SMS.AndroidOS.FakePlayer.a"


Source
 

remixedcat

Banned
Messages
647
Wow, I thought it was Linux-based so it would have better security. Oh well, I guess you can't be too careful. Thanks for the heads up on this.
 

Puddle Jumper

Mod Emeritus
Messages
4,286
Malware stops its fraud after one run to avoid raising suspicion

Some Android users have found themselves the victim of perhaps the first full-fledged Trojan to hit the system. Our story on the trojan yesterday drew a great deal of attention, so we decided to dig into this one a bit deeper.

A reader -- Jon Oberheimer -- founder of security startup Scio Security and Ph.D candidate at the University of Michigan, writes us that he obtained the dreaded Android trojan, disassembled it, and posted an analysis in gory detail.

From his results it's readily apparent that the effort is amateurish, but slightly clever. The program bears a great deal of similarity to the "HelloWorld" tutorial hosted by Google for aspiring developers. It even prints a string "Hello Android from NetBeans".

When the MoviePlayer activity of the app fires up, it triggers the app's onCreate event. This event checks an SQLite database with a single table and column to see if a string "was" was previously written. Here comes the (sort of) clever part -- on the malware's first run, after accomplishing its ill objectives it writes the string to the database. That way on subsequent runs, the string is detected and the program merely exits without continuing the attack. By doing as such, it's able to keep a low profile and its evil actions might escape notice.

Returning to the actions themselves, assuming it's the first time the app has been run, the app tries to broadcast an SMS text message to premium Russian text numbers -- "3353" and "3354" with a numeric message. Meanwhile it displays to the user Russian text that translates to "Wait, seeking access to video library..."

What's more, as Mr. Oberheimer aptly points out, the premium texts should only go through in Russia. U.S. users likely won't incur toll charges from the attack. Of course similar trojans could be employed in the U.S. in the near future, so beware.

Also, the user has to physically download, install, and approve the permissions on the app. This much relies on the Russian tricksters advertising the app as a "media player". A number of people (in Russia) reportedly did fall for this, completing these steps. The final step is that the users have to open (run) the application. Again, a number of users apparently fell for this.

Basically the only mistake Google made in this case, in terms of security, was overestimating users' ability to handle their own security policies. Most Android users are in the U.S. and China (less than 1 percent are in Russia), so fortunately in this case a minimal number of people appear to have been affected by their membership in the security-ignorant masses.

From this information, it's clear that the threat to savvy American users (or international ones) is minimal. Just be sure not to install strange apps. And if you suspect that an app may not be what it purports to be, notify Google and your carrier immediately, so you can be refunded in the case of malicious activity.

Android isn't the only platform to be hit by similar schemes. Owners of jailbroken iPhones have been hit by worms in the past -- some mere pranks, others malicious.
Source: DailyTech - Android Trojan Proves Amateurish But a Little Clever

Going by that article it doesn't sound like it's a particularly dangerous Trojan although the fact that we are starting to see malware target phones like this is certainly cause for concern.
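
Added example (not part of the original post or the DailyTech article): the install step described above depends on the user approving an SMS permission for something billed as a media player, and that mismatch can be checked before an app is run. The sketch assumes the APK's AndroidManifest.xml has already been decoded to text XML; the sample manifest, the package name and the MEDIA_HINTS keyword list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Real Android permissions that can cost the user money.
COST_PERMISSIONS = {"android.permission.SEND_SMS", "android.permission.CALL_PHONE"}
# Hypothetical keyword list: kinds of app with no obvious need to send SMS.
MEDIA_HINTS = ("player", "video", "movie", "music")

# Constructed sample of a decoded manifest (not taken from the real sample).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.mediaplayer">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Movie Player">
    <activity android:name=".MoviePlayer"/>
  </application>
</manifest>"""


def triage_manifest(xml_text):
    """Flag a manifest that pairs a cost-incurring permission with a media-app identity."""
    root = ET.fromstring(xml_text)
    requested = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    costly = sorted(requested & COST_PERMISSIONS)
    # Collect the names that describe what the app claims to be.
    names = [root.get("package", "")]
    app = root.find("application")
    if app is not None:
        names.append(app.get(ANDROID_NS + "label", ""))
        names += [a.get(ANDROID_NS + "name", "") for a in app.iter("activity")]
    looks_like_media = any(h in n.lower() for n in names for h in MEDIA_HINTS)
    return {
        "package": root.get("package"),
        "costly_permissions": costly,
        "looks_like_media_app": looks_like_media,
        "flag": bool(costly) and looks_like_media,
    }


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

A flag here is only a prompt for a closer look, since a legitimate app can have a reason to request the same permission.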
 

hikaricloud

Golden Master
Messages
6,220
Location
USA
Hmmmm...wonder if Kaspersky developed this just to sell a mobile antivirus software...hmmmmm.
 

Poizen22

Camera junky
Messages
6,283
Location
ottawa ontario canada.
lol, anything open source is more likely to suffer security leaks. Everyone has access to it and can develop things for it if they so choose, so security on things like Android and Linux is less secure than things like OS X and Windows. The thing with Linux is the user base has not gone mainstream yet and is not being backed by a large corporation, so it isn't often targeted for things like a virus. Now with Android, it is backed by Google, one of the largest companies on the planet, and Android is huge; it is a very, very, very popular OS. Mix that with the fact that it is open source and anyone can develop apps for it, and that means anyone can develop a virus for it. That is the downfall of open source. Once it becomes big enough and if it is backed by a large corp, it is a prime target for any computer hacker or malware writer.
 