Home > Apps > OMG! A trojan for Android OS! 1 person almost lost $1.17!

OMG! A trojan for Android OS! 1 person almost lost $1.17!

August 12th, 2010 Leave a comment Go to comments

Looks like all tech blogs today have posted an article about an Android trojan app. I really want to know the purpose of it. I realize why Kaspersky Lab did it, and in the Russian version of the article they write:

“Kaspersky Mobile Security for Android is planned for Q1 2011″.

But why are other blogs posting this? To protect people? From what? This fake video player app is obviously not on the Android Market. How many people in the world will search for a video player on the web, download it from an unknown web site and install it accepting a permission to send SMS?

That’s not a security hole in the Android OS. Nothing can be improved on the Android Market side to prevent this. You don’t need Lookout or Kaspersky on your phone. Just stop for a second and read permissions required by the app you want to install.

An update from security expert Jon Oberheide:

Again, not a whole lot to it. Since these are Russian SMS short codes, any non-Russian phones probably won’t be able to SMS that premium shortcode and therefore won’t incur the toll charges. It’s important to note that the application has no viral spreading capabilities nor command and control functionality. It simply relies on users being tricked into downloading, installing, and running the fake movie player application.

The media hoopla around this trojan release is a bit overblown, as mobile SMS toll fraud (especially overseas) is nothing new. Attackers continue to take the path of least resistance to monetization and, as usual, simple toll fraud is much preferred over any highly technical attack. But hey, it gives AV companies a great opportunity to fire up the mobile security hype machine and snake oil generator…

Update no. 2: an original story, translated from Russian:

I was browsing the Web with Opera Mini and clicked a link to an .apk file. I downloaded it and started installing; the system asked for permissions to send SMS and make calls. For a sake of experiment, I turned on Dr.Web protection and allowed the system to install the app. I had 34 rub (about $1.17) on my account. After running this app, I’ve got 3 messages about insufficient funds to send SMS. … Since I didn’t had much money on my account, I haven’t lost anything. Even if I had more money, I wouldn’t risk and install this app.

That’s it, all we know for sure is that one poor fellow has installed this fake media player, but even he figured out there must be something wrong and turned on his anti-virus app.

No related posts.

Tags: