Slashdot Mirror


SMS Trojan Steals From Android Owners

siliconbits writes "A Trojan posing as a media player for Android smartphones automatically sends text messages to premium rate numbers, according to Kaspersky Lab. Company officials say the Trojan, dubbed Trojan-SMS.AndroidOS.FakePlayer.a, is the first of its kind for the Android platform, even though SMS Trojans are currently the most widespread type of malware on mobile phones."

22 of 168 comments

  1. Is this really a trojan? by schon · · Score: 3, Informative

    Or does it tell you what it's gonna do beforehand?

    If you install something that says "THIS WILL COST YOU MONEY", and it sends SMS that costs you money, how exactly is that a "trojan"?

    1. Re:Is this really a trojan? by MozeeToby · · Score: 5, Insightful

      Yes, the user must approve giving the 'Trojan' access to sending text messages, which is included under a big banner that says "Things that can cost you money". Of course, after the 40th or 50th app installed, no one reads them anymore and just clicks the OK button, but Android does notify you of what it's capable of, and even that requires you to check the install apps from other sources button.

    2. Re:Is this really a trojan? by MozeeToby · · Score: 2, Insightful

      Why not just take the literally 20 seconds to read what parts of the phone an app wants access to? Or at least the 5 seconds to make sure that there's nothing under the 'will cost you money' heading, unless it's an app where that makes sense (I think the only apps I have with entries under those headings are Google maps and Google voice, and both because they're allowed to initiate phone calls).

    3. Re:Is this really a trojan? by SCPaPaJoe · · Score: 2, Informative

      I agree. When I first got my Droid, I was going to install a free game until I saw it wanted access to my contacts list. The notification screen during app install is quite clear and easy to understand. There is no excuse for not reading it.

    4. Re:Is this really a trojan? by flibuste · · Score: 4, Informative

      In all honesty, the way Android reports what an application uses is way too weak and not granular enough. Basically, you require access to 1 URL, your application needs "Full Internet Access". Want to access the GPS data? Your application needs "Location access", "Services that may cost money", etc.

      The way an application declares its "needs" is through an element in the Android Manifest file. However, the choices are really limited to the existing Android services, and most of them have a 1 to 1 relation with the services they relate to, and nothing more granular such as "Requires GPS access using only satellites (costs nothing)", "Requires GPS access using cell towers", "Requires GPS access through paying services".

      In the end, the user downloading an app sees warnings that are mostly meaningless, and which appear in many other applications. It's close to impossible to spot a possibly-offensive application such as this Trojan.

    5. Re:Is this really a trojan? by metamatic · · Score: 5, Informative

      Is it possible for an app to request access to the filesystem, then modify another existing app with a payload that makes it do all the dirty work?

      No. Each Android app runs as a separate Linux userid. Even if you give the app filesystem access, it can't write to files that belong to other apps, let alone rewrite the apps themselves.

      --
      GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak

    6. Re:Is this really a trojan? by Sancho · · Score: 2, Insightful

      It would tell you it's going to send SMS, not that they will cost you money. So while it's sending SMS info of the songs you're listening to to share playlists, it also sends SMS to places that charge?

      On my phone, the category in the manifest is "Services that cost you money" (in big bold letters) and then under that, as an explanation, it says "directly call phone numbers, send SMS messages."

      An application which has the ability to send SMS has the ability to cost you money because it could send SMS to premium-rate numbers or out of the country. Many people wouldn't think about this, and there's probably no easy way for Android to differentiate between regular SMS and premium-rate SMS.

    7. Re:Is this really a trojan? by Sancho · · Score: 2, Informative

      The manifest says, in big bold letters, that the app may cost you money by placing phone calls and sending SMS.

    8. Re:Is this really a trojan? by Anonymous Coward · · Score: 2, Informative

      In all honesty, the way Android reports what an application uses is way too weak and not granular enough. Basically, you require access to 1 URL, your application needs "Full Internet Access". Want to access the GPS data? Your application needs "Location access", "Services that may cost money", etc.

      Do you use Android? It is more granular than that. Location access can specify coarse (cell location) and fine (GPS). "Services that may cost money" can specify SMS or phone calls. Many apps use a "Phone" permission that's called "Read phone state" so that it can know when you're receiving a call. Apps like Google Voice that use the "Phone" permissions also include things like "Make outgoing calls" and "Intercept calls".

      Your fine-grained permissions are right there.
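
Added example, not part of any comment in this thread: a short Python audit of a decoded (plain-text) AndroidManifest.xml that groups the requested permissions under install-screen headings like those the commenters quote, and flags anything under "Services that cost you money" that the app's stated purpose does not justify. The sample manifest, its package name, the heading wording other than "Services that cost you money", and the `justified` parameter are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COST_MONEY = "Services that cost you money"

# Real Android permission names mapped to headings like those quoted in the thread.
HEADINGS = {
    "android.permission.SEND_SMS": COST_MONEY,
    "android.permission.CALL_PHONE": COST_MONEY,
    "android.permission.ACCESS_FINE_LOCATION": "Location (fine, GPS)",
    "android.permission.ACCESS_COARSE_LOCATION": "Location (coarse, cell)",
    "android.permission.READ_PHONE_STATE": "Phone (read phone state)",
    "android.permission.READ_CONTACTS": "Contacts",
    "android.permission.INTERNET": "Full Internet access",
}

def requested_permissions(manifest_xml):
    """Return the unique <uses-permission> names in declaration order."""
    root = ET.fromstring(manifest_xml)
    names = []
    for el in root.iter("uses-permission"):
        name = el.get(ANDROID_NS + "name")
        if name and name not in names:
            names.append(name)
    return names

def review(manifest_xml, justified=()):
    """Group permissions by heading; alert on cost-money ones not in `justified`."""
    grouped, alerts = {}, []
    for perm in requested_permissions(manifest_xml):
        heading = HEADINGS.get(perm, "Other / unmapped")
        grouped.setdefault(heading, []).append(perm)
        if heading == COST_MONEY and perm not in justified:
            alerts.append(perm)
    return grouped, alerts

# Constructed sample: an app presented as a media player that asks to send SMS.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.mediaplayer">
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Movie Player"/>
</manifest>"""

if __name__ == "__main__":
    grouped, alerts = review(SAMPLE)
    for heading, perms in grouped.items():
        print(f"{heading}: {', '.join(perms)}")
    for perm in alerts:
        print(f"ALERT: a media player has no stated need for {perm}")
```

Passing `justified=("android.permission.SEND_SMS",)` models an app, such as a messaging client, where the permission matches its purpose and no alert is raised.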

    9. Re:Is this really a trojan? by nschubach · · Score: 2, Funny

      Personally, I'd like to see an OS driven prompt to have access to things like contacts, messaging and phone access.

      If your app needs a contact to send a message, it would have to pass that message to the OS and the OS would prompt the user for the contact to send it to. This way, no apps need access to contacts to send messages for some reason. The same applies to phone numbers, etc.

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.

    10. Re:Is this really a trojan? by DJRumpy · · Score: 3, Insightful

      It's amazing how far folks are falling over themselves to defend this type of activity on the Android platform ("well it's their own fault" and "they should have read the warning"). I hate to break it to everyone, but most Android users are not geeks, nerds, or techies. They will do just as Windows users have been doing for decades and click 'OK' when prompted. Such behavior should be expected and accounted for, or provisions made to protect end users in spite of themselves.

      The difference here? There is no virus scan or malware blocker to save them.

    11. Re:Is this really a trojan? by mjwx · · Score: 2, Informative

      Out of curiosity, how does a Windows user gain access to the iPhone's file system? Is there even a removable storage card on an iPhone, or is the entire phone a USB mass storage device?

      They don't. No MSC functionality whatsoever. All communication with an iPhone is done through iTunes.

      True, and if the Android were to move to a better file system than FAT32, that's probably the best way to do it

      Android already uses a newer file system. The / is YAFFS2. Only /SDCARD is VFAT and this can be reformatted to EXT3 if the user wants. FAT32 is only there for compatibility with OSes that can't read EXT file systems.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.

  2. Hahaha by Anonymous Coward · · Score: 5, Funny

    Hahaha! Good thing I have an iPhon.....*signal lost*

    1. Re:Hahaha by ViViDboarder · · Score: 3, Informative

      False

  3. Read the TFA? by NiteShaed · · Score: 5, Insightful

    Why bother? I read it, and I still don't know silly details like what the name of this app is, or whether it's been pulled from the Android Market. Actually, now that I think about it, I don't even know *if* it was in the Android Market, or if it's a side-load app. For all I know, Kaspersky "discovered" a proof-of-concept app that they developed themselves. Yeah, that last bit is pretty unlikely, but reading TFA is no help at all in ruling it out.....

    Content fail for TFA.

    --
    Some bring out the best in others, some the worst. Some bring out far more.

    1. Re:Read the TFA? by unix1 · · Score: 2, Informative

      Found the original announcement. No name of an app there either.

      While there could definitely be such an app, the article definitely sounds like an advertisement for their product rather than a security notification.

  4. Prosecution? by AdamThor · · Score: 3, Insightful

    So this should lead to police activity quickly enough, right? One can't (at this time) prove where the trojan came from, but it's easy enough to see who benefits and what accounts the money gets paid into. That should all get frozen, cops should kick down some doors, machines should get confiscated?

    Will this happen?

    --
    -- "Oh. This guy again."

    1. Re:Prosecution? by John+Hasler · · Score: 2, Insightful

      > Will this happen?

      It could. It is quite possible that some mules will find themselves in serious trouble.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.

  5. Bad summary by esocid · · Score: 5, Informative

    After trudging through several articles, not one mentions the application's name. It does however mention that the trojan can be packed into basically anything. It also doesn't mention that only users in Russia are affected by the SMS charges.

    According to Denis Maslennikov, Senior Malware Researcher at Kaspersky Lab, there's not an exact number of infected devices available at present, but the outbreak is currently regional. For now, only Russian Android users can actually lose money after installing the Trojan, but anyone can be infected.

    http://www.readwriteweb.com/archives/first_trojan_for_android_phones_goes_wild.php

    --
    Absolute power corrupts absolutely. indymedia

    1. Re:Bad summary by esocid · · Score: 3, Informative

      Also forgot to mention, it isn't in the market. It has to be manually installed, with that little box checked to allow non-market apps to be installed.

      --
      Absolute power corrupts absolutely. indymedia

  6. Protection by Ukab+the+Great · · Score: 2, Funny

    With Trojan-SMS.AndroidOS.FakePlayer.a, you can now have two different trojans in your pocket to offer the ladies.

  7. Re:So... by shmlco · · Score: 4, Informative

    "Oh and why do you capitalize the 'middle east'? Is it a country now, worthy of promotion to a proper noun?"

    Doesn't need to be a country. Region names are capitalized when they stand alone and are widely understood to designate a specific geographic (or geopolitical) area. e.g. Southern California, the Bay Area, the Middle East.

    http://www.utexas.edu/visualguidelines/capitalization.html

    --
    Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.