SMS Trojan Steals From Android Owners

siliconbits writes "A Trojan posing as a media player for Android smartphones automatically sends text messages to premium rate numbers, according to Kaspersky Lab. Company officials say the Trojan, dubbed Trojan-SMS.AndroidOS.FakePlayer.a, is the first of its kind for the Android platform, even though SMS Trojans are currently the most widespread type of malware on mobile phones."

Hahaha

Hahaha! Good thing I have an iPhon.....*signal lost*

Re:Is this really a trojan?

[MozeeToby]

Yes, the user must approve giving the 'Trojan' access to sending text messages, which is included under a big banner that says "Things that can cost you money". Of course, after the 40th or 50th app installed, no one reads them anymore and just clicks the OK button, but Android does notify you of what it's capable of, and even that requires you to check the install apps from other sources button.

Read the TFA?

[NiteShaed]

Why bother? I read it, and I still don't know silly details like what the name of this app is, or whether it's been pulled from the Android Market. Actually, now that I think about it, I don't even know *if* it was in the Android Market, or if it's a side-load app. For all I know, Kaspersky "discovered" a proof-of-concept app that they developed themselves. Yeah, that last bit is pretty unlikely, but reading TFA is no help at all in ruling it out.....

Content fail for TFA.

Bad summary

[esocid]

After trudging through several articles, not one mentions the application's name. It does however mention that the trojan can be packed into basically anything. It also doesn't mention that only users in Russia are affected by the SMS charges.

According to Denis Maslennikov, Senior Malware Researcher at Kaspersky Lab, there's not an exact number of infected devices available at present, but the outbreak is currently regional. For now, only Russian Android users can actually lose money after installing the Trojan, but anyone can be infected.

http://www.readwriteweb.com/archives/first_trojan_for_android_phones_goes_wild.php

Re:Is this really a trojan?

[flibuste]

In all honesty, the way Android reports what an application uses is way too weak and not granular enough. Basically, you require access to 1 URL, your application needs "Full Internet Access". Want to access the GPS data? Your application needs "Location access", "Services that may cost money", etc.

The way an application declares its "needs" is through an element in the Android Manifest file. However, the choices are really limited to the existing Android services, and most of them have a 1 to 1 relation with the services they relate to, and nothing more granular such as "Requires GPS access using only satellites (costs nothing)", "Requires GPS access using cell towers", "Requires GPS access through paying services".

In the end, the user downloading an app sees warning that are mostly meaningless, and which appear in many other applications. It's close to impossible to spot a possibly-offensive application such as this Trojan.

Re:Is this really a trojan?

[metamatic]

Is it possible for an app to request access to the filesystem, then modify another existing app with a payload that makes it do all the dirty work?

No. Each Android app runs as a separate Linux userid. Even if you give the app filesystem access, it can't write to files that belong to other apps, let alone rewrite the apps themselves.

Re:So...

[shmlco]

"Oh and why do you capitalize the 'middle east'? Is it a country now, worthy of promotion to a proper noun?"

Doesn't need to be a country. Region names are capitalized when they stand alone and are widely understood to designate a specific geographic (or geopolitical) area. e.g. Southern California, the Bay Area, the Middle East.

http://www.utexas.edu/visualguidelines/capitalization.html