SMS-Based Trojan Targeting Android Smartphones

Evil-doers have finally taken it upon themselves to go after Android devices. A new Trojan hijacks Android handsets' SMS application to send texts to premium messaging services, running up the bill.
Kaspersky Lab says it has discovered the first known Trojan specifically targeting Android smartphones. Kaspersky classifies the "malicious program" as a Trojan-SMS, which attacks users where it hurts the most: their wallet.

The Trojan disguises itself as a media player application. The file name is: Trojan-SMS.AndroidOS.FakePlayer.a (kinda gives itself away if you're paying attention, don't ya think?). The file is just 13 KB and has the standard Android .apk app extension. Once the Trojan has been installed, it causes some serious trouble.

It takes hold of the device's SMS (texting) application and begins sending text messages to "premium rate numbers" all on the low-down. Premium rate SMS numbers are the SMS equivalent to the 1-900 numbers from yesteryear. They cost users money -- in the form of charges on their wireless account -- for messages sent to and/or received from the number in question.

Kaspersky says that Trojan-SMS is the most prevalent type of malware attempting to take over smartphones. This particular Trojan is the first to go after Google's mobile operating system, though Kaspersky says that Android devices have been infected with spyware before.

Denis Maslennikov, Mobile Research Group Manager at Kaspersky Lab, said in a prepared statement, "The IT market research and analysis organization IDC has noted that those selling devices running Android are experiencing the highest growth in sales among smartphone manufacturers. As a result, we can expect to see a corresponding rise in the amount of malware targeting that platform."

Symbian, Palm OS and Windows Mobile were targeted in the past. Maslennikov is right in predicting that the number of attacks on Android will only go up as the platform becomes more popular.

There is a relatively easy way to avoid problems such as those presented by Trojan-SMS.AndroidOS.FakePlayer.a. When users download and install applications, they are given a chance to review which system resources and other applications the new app wants to access. Be careful. Read this stuff. Once users hit the "accept" button, the app is more or less free to do what it wants. Unfortunately, that includes sending costly SMS messages if you let a media player app access the SMS functions of your phone.

A Google spokesperson explained, "Our application permissions model protects against this type of threat. When installing an application, users see a screen that explains clearly what information and system resources the application has permission to access, such as a user's phone number or sending an SMS. Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time. We consistently advise users to only install apps they trust. In particular, users should exercise caution when installing applications outside of Android Market."

Enterprises that have deployed Android need to be doubly certain that users aren't installing unauthorized applications. Keeping unauthorized apps off devices helps prevent malicious software from infecting company assets.
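The permission review described above can also be automated when vetting apps for managed devices. The following is an added example, not code from Kaspersky Lab or Google: it reads a decoded AndroidManifest.xml and flags an app whose stated category does not explain a billable permission such as SEND_SMS. The category policy, the function names and the sample manifest are constructed assumptions, and a real APK stores its manifest in binary form that must be decoded to text first.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permissions that can run up charges on the user's wireless account.
BILLABLE = {"android.permission.SEND_SMS", "android.permission.CALL_PHONE"}

# Assumed policy for this example: permissions each app category plausibly needs.
EXPECTED = {
    "media_player": {
        "android.permission.INTERNET",
        "android.permission.WAKE_LOCK",
        "android.permission.READ_EXTERNAL_STORAGE",
    },
    "messaging": {
        "android.permission.SEND_SMS",
        "android.permission.RECEIVE_SMS",
        "android.permission.READ_CONTACTS",
    },
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}  # ignore malformed entries without android:name

def audit(manifest_xml, category):
    """Compare requested permissions with what the app's category explains."""
    unexpected = requested_permissions(manifest_xml) - EXPECTED.get(category, set())
    billable = unexpected & BILLABLE
    return {"unexpected": sorted(unexpected),
            "billable": sorted(billable),
            "block": bool(billable)}  # block when an unexplained permission costs money

# Constructed sample: a "media player" that asks to send SMS.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.mediaplayer">
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Media Player"/>
</manifest>"""

if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST, "media_player"))
    print(audit(SAMPLE_MANIFEST, "messaging"))
```

The same manifest passes when the app is declared as a messaging client, which is the point: the permission alone is not the signal, the mismatch with the app's purpose is.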

[Via Kaspersky Lab]