New Android malware texts premium-rate numbers

The malware is believed to be the first to target the Android mobile operating system

Researchers at Russian security company Kaspersky Lab say they've discovered the first malicious software program to target Google's Android mobile operating system.

The application masquerades as a media player, according to a Kaspersky blog post. But if it is installed, the rogue application begins secretly sending SMSes (Short Message Service) to a premium rate number presumably belonging to the hackers who created it.

There have been isolated cases of spyware programs that run on the Android platform, an open-source mobile operating system created by Google. But the fake media player application, which Kaspersky dubbed "Trojan-SMS.AndroidOS.FakePlayer.a," is the first one believed to specifically target Android, Kaspersky said.

"Kaspersky Lab recommends that users pay close attention to the services that an application requests access to when it is being installed," the company said. "That includes access to premium rate services that charge to send SMSes and make calls."

The application is simply called "Movie Player," according to Lookout, a company that makes mobile phone security and management software. The malware does apparently warn users they may be charged for SMSes if they install it. The SMSes costs "several dollars," Lookout's blog said.

Lookout suggested that Android users check the permissions of the media player applications and revoke any that mention charging for SMSes. The malware may not spread far, however, for a couple of reasons.

"So far this has only affected Android smartphone users in Russia and only works on Russian networks," Lookout said. "As far as we know, there is no indication that this app is in the Android Market."

Google said in a statement that users see a screen after downloading an application that explains what information and system resources that application can access, such as their phone number or the SMS function.

"Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time," Google said. "We consistently advise users to only install apps they trust. In particular, users should exercise caution when installing applications outside of Android Market."

As another defense against this malware, users can set their phone to only download applications that are in the Android Market

Mobile devices have not been afflicted by malicious software to the extent of desktop OSes such as Windows, but security analysts have said they expect that to change as smartphones become more widely used and gain more capabilities.

Last year, Trend Micro analyzed a piece of mobile malware known as "Sexy Space," which ran on Symbian S60 OS devices. Infected phones would send SMSes to everyone in the phone's contact list with a link to a website. If someone clicked the link, they would then be prompted to install Sexy View, which purported to offer pornography-related content.

In 2005, the Symbian Series 60 OS was targeted by Comwar, a worm that spread via Bluetooth and MMS (Multimedia Messaging Service). The first for-profit mobile malware, Redbrowser, was discovered in 2006.

Redbrowser used a social-engineering ploy written in Russian to lure users to manually install it, which limited the rate at which it spread. The malware sent SMSes to a phone number that charged around US$6 per message, targeting even lower-end mobile devices running the J2ME (Java 2 Mobile Edition) software, which at the time ran on some 1 billion devices from vendors such as Nokia, Motorola and Research in Motion.

Join the CSO newsletter!

Error: Please check your email address.

Tags applicationstelecommunicationsecuritymobile securityAndroidsoftwareMobile operating systemsmobilemalwarekaspersky labsms

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place