New malware that runs on Android smartphones is disguised as a porn media player. But in reality, the application sends expensive text messages to SMS numbers until a user's mobile phone account runs out of credit.
The Trojan application, dubbed Trojan-SMS.AndroidOS.FakePlayer.b, isn't available via the official Android Market app store on handhelds or online, but rather is designed to be discovered online. To that end, it's being distributed "via clever search engine optimization techniques, a clear sign that cyber-criminals are making every effort to infect mobile devices," said Denis Maslennikov, a security expert at Kaspersky Lab.
In other words, people searching the Internet for porn players that run on Android may encounter this malicious application. The attack has a social engineering component, however, in that users must manually install the application and give it permission to send SMS messages. Then again, many legitimate adult content providers today do, in fact, use SMS messages as a billing platform.
The fake application doesn't itself have a user interface. "Once installed, it simply drops an icon -- an adult-themed photograph -- on the smartphone's screen and starts sending premium SMS messages without the user's knowledge, whenever the app is launched," said Maslennikov. "With the search engine optimization techniques being used, there is a likelihood this is infecting a lot of users."
Maslennikov discovered the application while researching the origins of the first-ever SMS Trojan for Android, which he discovered last month. That application is an innocuous-looking "movie player" which, once installed, began sending $5 SMS messages to two different phone numbers.
Both attacks have been primarily targeted at Android users in Russia. "In the past, though, we've seen plenty of local problems evolve to become global ones," he said.
Indeed, if there's a financial angle to exploit with mobile devices, criminals come gunning. For example, in July, security researchers warned of a new botnet targeting Symbian smartphones. That attack likewise sent SMS messages to a premium Russian telephone number until the smartphone ran out of credit.