Another Trojan Making Rounds on Android
A month ago we reported that the first “virus” to hit Android (Trojan-SMS.AndroidOS.FakePlayer.a) was making its rounds. Today the successor to this app, Trojan-SMS.AndroidOS.FakePlayer.b, started showing up.
This trojan is spread by SMS messages that advertise an “adult media player”, or by people who stumble across it online. That’s right, they’re capitalizing on Steve Jobs’ “there’s a porn store for Android” statement and trying to lure people in with the promise of seeing some skin.
The second method of distribution, people looking for pornography for their Android, is what sets this trojan apart from others. Utilizing what Denis Maslennikov (a security expert at Kaspersky Lab) called “clever search engine optimization techniques”, this trojan doesn’t have to actively seek out phones to infect; rather, it can let people seek it out.
Those who argue that “a true Linux OS wouldn’t allow this type of behavior” miss the fact that apps, when installed, must request the permissions that they need to run; the user must then either grant those permissions to the app or cancel the installation.
A wallpaper switcher that asks for permission to dial your phone, for example, should throw up some red flags and (hopefully) the user will cancel the installation due to this seemingly uncharacteristic request for permissions.
Apparently many “adult oriented” apps use SMS billing to grant access to various types of content, which makes this trojan’s request for SMS access less suspicious.
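The permission review described above can be sketched in code. This is an added example, not code from the original article or from Kaspersky Lab; it assumes the manifest has already been decoded to plain-text XML, and the category names and baselines are hypothetical. It shows why a cost-incurring permission should always be surfaced, even when it looks normal for the app's category:

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that can cost the user money; always surfaced to the reviewer.
COST_INCURRING = {"android.permission.SEND_SMS", "android.permission.CALL_PHONE"}

# Hypothetical per-category baselines (an assumption, not a real store policy).
BASELINES = {
    "wallpaper": {"android.permission.SET_WALLPAPER"},
    "media_player": {"android.permission.INTERNET", "android.permission.WAKE_LOCK"},
    # A category where SMS billing is common, so SEND_SMS looks "normal".
    "sms_billed_media": {"android.permission.INTERNET", "android.permission.SEND_SMS"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")
            if el.get(ANDROID_NS + "name")}

def review(manifest_xml, category):
    """Split requested permissions into out-of-baseline and cost-incurring."""
    requested = requested_permissions(manifest_xml)
    baseline = BASELINES.get(category, set())
    return {
        "unexpected": sorted(requested - baseline),
        "cost_incurring": sorted(requested & COST_INCURRING),
    }

# Constructed sample manifests (not taken from any real app).
WALLPAPER_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
</manifest>"""

PLAYER_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.player">
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""

if __name__ == "__main__":
    print(review(WALLPAPER_MANIFEST, "wallpaper"))
    print(review(PLAYER_MANIFEST, "media_player"))
    print(review(PLAYER_MANIFEST, "sms_billed_media"))
```

In the last case the "unexpected" list is empty because the category baseline already includes SMS, yet the permission still appears under "cost_incurring", which is the signal a category-only comparison would miss.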
The app, once installed, doesn’t have a graphical front-end; it just places an icon (adult-oriented, of course) in your app drawer. Whenever the app is run, it starts sending text messages without your knowledge, at $6 a pop, until your mobile phone account runs dry.
Let’s all remember to practice safe mobile-computing.
(Source: Information Week)