Wednesday, August 11, 2010

"Trojan-SMS.AndroidOS.FakePlayer.a" is the first Trojan to attack Android according to Kaspersky.

Recently conference by Black Hats showed us the Android OS is also vulnerable to attacks and now its happening. The malware detected by security firm Kaspersky, who confirmed the file is named “Trojan-SMS.AndroidOS.FakePlayer.a” and is downloaded as a typical .APK Android app.

The company stated this is the first known Android-specific trojan.

It was a local outbreak of a mobile trojan in Russia

The malware works by posing as a media player app. Once the app is installed on the mobile device, the trojan begins to send SMS messages to premium rate numbers without the device owner’s knowledge. Since the trojan’s creators are usually the ones on the other end of those premium numbers, they end up profiting from the scam.

Kaspersky Lab is currently working on Android-specific antivirus technologies; the company plans to release Kaspersky Mobile Security for Android early next year. Other antivirus apps are available in the Android Market; in the past, such applications were thought unnecessary.

One of the mashable Reader Jon Oberheide emailed to say he’d gotten a copy of the trojan and dissected its code. On his personal blog, Oberheide writes that the malware “appears to be hastily built off of the HelloWorld example program distributed in the Android SDK.” When the user first tries to run the app, he will be told to wait for the media player to find the video library. During this time, the device will send a string of numbers to an SMS shortcode three times. After those three messages are sent, the program won’t run again. As Oberheide concludes, “It would be unwise for the trojan to continually barrage the premium SMS number with additional messages from the same user as it would likely raise more red flags.”

No comments: