Android SMS Trojan Uses SEO To Spread

Disguised as an adult media player, the malware sends $6 text messages until a user's mobile phone account runs out of credit.

Mathew J. Schwartz, Contributor

September 10, 2010

2 Min Read
InformationWeek logo in a gray background | InformationWeek

New malware that runs on Android smartphones is disguised as a porn media player. But in reality, the application sends expensive text messages to SMS numbers until a user's mobile phone account runs out of credit.

The Trojan application, dubbed Trojan-SMS.AndroidOS.FakePlayer.b, isn't available via the official Android Market app store on handhelds or online, but rather is designed to be discovered online. To that end, it's being distributed "via clever search engine optimization techniques, a clear sign that cyber-criminals are making every effort to infect mobile devices," said Denis Maslennikov, a security expert at Kaspersky Lab.

In other words, people searching the Internet for porn players that run on Android may encounter this malicious application. The attack has a social engineering component, however, in that users must manually install the application and give it permission to send SMS messages. Then again, many legitimate adult content providers today do, in fact, use SMS messages as a billing platform.

The fake application doesn't itself have a user interface. "Once installed, it simply drops an icon -- an adult-themed photograph -- on the smartphone's screen and starts sending premium SMS messages without the user's knowledge, whenever the app is launched," said Maslennikov. "With the search engine optimization techniques being used, there is a likelihood this is infecting a lot of users."

Maslennikov discovered the application while researching the origins of the first-ever SMS Trojan for Android, which he discovered last month. That application is an innocuous-looking "movie player" which, once installed, began sending $5 SMS messages to two different phone numbers.

Both attacks have been primarily targeted at Android users in Russia. "In the past, though, we've seen plenty of local problems evolve to become global ones," he said.

Indeed, if there's a financial angle to exploit with mobile devices, criminals come gunning. For example, in July, security researchers warned of a new botnet targeting Symbian smartphones. That attack likewise sent SMS messages to a premium Russian telephone number until the smartphone ran out of credit.

Read more about:

20102010

About the Author

Mathew J. Schwartz

Contributor

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights