카스퍼스키(Kaspersky), 안드로이드OS SMS 트로이목마 발견(Trojan-SMS.AndroidOS.FakePlayer.c)

세계적인 보안회사 카스퍼스키(Kaspersky)가 안드로이드 OS에서 SMS를 이용하는 트로이 목마를 발견했다고 한다.

예전에 나왔던 SMS 트로이목마의 변종이다.

포르노 플레이어를 가장한 어플리케이션은 저번과 동일하다고 하며,  SMS를 보내는 shortcode : 7132과 4161이다.

원본보기 : http://www.securelist.com/en/blog/329/FakePlayer_take_3

We have just detected a third FakePlayer SMS Trojan for Android phones – it’s been a month since we saw the second one. What’s new in this one?

First of all, the ‘porno player’ icon from the first variant has returned.

In the second place, this variant sends for-fee SMS/text messages to two short numbers now – 7132 as in the previous version and also 4161 - new for this version.

The cost for every SMS/text message remains 6 USD (about 170 Russian rubles).

There are no other changes. The same archive – pornplayer.apk, the same infection vector – via the Internet using SEO tricks and the same queries upon installation:

So no real changes – just a new variant to earn additional money… But the trend for regular updates is a concern.

PS Everyone with a phone which supports J2ME should also beware: if you go to a website which is spreading Trojan-SMS.AndroidOS.FakePlayer.c using a mobile web browser, such as Opera Mini for instance, you will be offered a link to download J2ME application – which happens to be a Trojan we detect as as Trojan.SMS.J2ME.Small.r.

- 관련글

2010/09/09 - [보안관련소식] - 카스퍼스키(Kaspersky), 안드로이드OS SMS 트로이목마 발견(Trojan-SMS.AndroidOS.FakePlayer.b)
2010/08/13 - [보안관련소식] - 시만텍(Symantec), 안드로이드 악성코드 "AndroidOS.Tapsnake" 발견
2010/08/10 - [보안관련소식] - 카스퍼스키(Kaspersky), 세계 최초 안드로이드OS SMS 트로이목마 발견
2010/08/04 - [보안관련소식] - 안드로이드(Android), 개인정보를 유출하는 악성코드 "AndroidOS.Ewalls" 발견