First SMS Trojan detected for smartphones running Android
Kaspersky Lab, a leading developer of secure content management solutions, announces that the first malicious program classified as a Trojan-SMS has been detected for smartphones running on Google’s Android operating system. Named Trojan-SMS.AndroidOS.FakePlayer.a, it has already infected a number of mobile devices.
The new malicious program penetrates smartphones running Android in the guise of a harmless media player application. Users are prompted to install a file of just over 13 KB with the standard Android extension .APK. Once installed on the phone, the Trojan uses the system to begin sending SMSs to premium rate numbers without the owner’s knowledge or consent, resulting in money passing from a user’s account to that of the cybercriminals.
The Trojan-SMS category is currently the most widespread class of malware for mobile phones, but Trojan-SMS.AndroidOS.FakePlayer.a is the first to specifically target the Android platform. It should be noted that there have already been isolated cases of devices running Android being infected with spyware. The first such program appeared in 2009.
“The IT market research and analysis organization IDC has noted that those selling devices running Android are experiencing the highest growth in sales among smartphone manufacturers. As a result, we can expect to see a corresponding rise in the amount of malware targeting that platform,” says Denis Maslennikov, Mobile Research Group Manager at Kaspersky Lab. “Kaspersky Lab is actively developing technologies and solutions to protect this operating system and plans to release Kaspersky Mobile Security for Android in early 2011.”
Kaspersky Lab recommends that users pay close attention to the services that an application requests access to when it is being installed. That includes access to premium rate services that charge to send SMSs and make calls. When a user agrees to these functions during the installation of an application, the smartphone may then be able to make calls and send SMSs without further authorization.
The signature for Trojan-SMS.AndroidOS.FakePlayer.a has already been added to Kaspersky Lab’s antivirus databases.
File RU.apk received on 2010.08.09 11:52:16 (UTC)

Antivirus | Version | Last Update | Result |
---|---|---|---|
AhnLab-V3 | 2010.08.09.00 | 2010.08.09 | - |
AntiVir | 8.2.4.34 | 2010.08.09 | - |
Antiy-AVL | 2.0.3.7 | 2010.08.09 | - |
Authentium | 5.2.0.5 | 2010.08.09 | - |
Avast | 4.8.1351.0 | 2010.08.09 | - |
Avast5 | 5.0.332.0 | 2010.08.09 | - |
AVG | 9.0.0.851 | 2010.08.08 | - |
BitDefender | 7.2 | 2010.08.09 | - |
CAT-QuickHeal | 11.00 | 2010.08.09 | - |
ClamAV | 0.96.0.3-git | 2010.08.09 | - |
Comodo | 5694 | 2010.08.09 | - |
DrWeb | 5.0.2.03300 | 2010.08.09 | Android.SmsSend.1 |
Emsisoft | 5.0.0.36 | 2010.08.09 | - |
eSafe | 7.0.17.0 | 2010.08.08 | - |
eTrust-Vet | 36.1.7777 | 2010.08.09 | - |
F-Prot | 4.6.1.107 | 2010.08.09 | - |
F-Secure | 9.0.15370.0 | 2010.08.09 | - |
Fortinet | 4.1.143.0 | 2010.08.09 | - |
GData | 21 | 2010.08.09 | - |
Ikarus | T3.1.1.84.0 | 2010.08.09 | - |
Jiangmin | 13.0.900 | 2010.08.07 | - |
Kaspersky | 7.0.0.125 | 2010.08.09 | Trojan-SMS.AndroidOS.FakePlayer.a |
McAfee | 5.400.0.1158 | 2010.08.09 | - |
McAfee-GW-Edition | 2010.1 | 2010.08.09 | - |
Microsoft | 1.6004 | 2010.08.09 | - |
NOD32 | 5351 | 2010.08.09 | - |
Norman | 6.05.11 | 2010.08.08 | - |
nProtect | 2010-08-09.02 | 2010.08.09 | - |
Panda | 10.0.2.7 | 2010.08.08 | - |
PCTools | 7.0.3.5 | 2010.08.09 | - |
Prevx | 3.0 | 2010.08.09 | - |
Rising | 22.60.00.04 | 2010.08.09 | - |
Sophos | 4.56.0 | 2010.08.09 | - |
Sunbelt | 6704 | 2010.08.09 | - |
SUPERAntiSpyware | 4.40.0.1006 | 2010.08.09 | - |
Symantec | 20101.1.1.7 | 2010.08.09 | - |
TheHacker | 6.5.2.1.339 | 2010.08.09 | - |
TrendMicro | 9.120.0.1004 | 2010.08.09 | - |
TrendMicro-HouseCall | 9.120.0.1004 | 2010.08.09 | - |
VBA32 | 3.12.12.8 | 2010.08.04 | - |
ViRobot | 2010.8.9.3978 | 2010.08.09 | - |
VirusBuster | 5.0.27.0 | 2010.08.08 | - |
Additional information

File size: 12927 bytes
MD5: fdb84ff8125b3790011b83cc85adce16
SHA1: 1e993b0632d5bc6f07410ee31e41dd316435d997
SHA256: 14ebc4e9c7c297f3742c41213938ee01fd198dd4f4a5f188bbbb6ffcf4db5f14
TrID: File type identification: Java Archive (78.3%), ZIP compressed archive (21.6%), Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 384:zZBs7IF0ziI4wOweZTqJu/SJQdWg6eyQbUjkX:zZ9vwqVMu/3Eg6eyQbUi
sigcheck: publisher: n/a; copyright: n/a; product: n/a; description: n/a; original name: n/a; internal name: n/a; file version: n/a; comments: n/a; signers: -; signing date: -; verified: Unsigned
PEiD: -
RDS: NSRL Reference Data Set -