Another SMS Trojan Unleashed on Android



Last month we got word of an SMS trojan making its way out of Russia and on to Android handsets, and it turns out it isn’t the only one. A second virus has been located fitting the same M.O. as the first, this time going by the package name of Trojan-SMS.AndroidOS.FakePlayer.b as opposed to the original FakePlayer.a. According to Denis Maslennikov of Kaspernsky Lab — the same group that discovered the first SMS trojan — the latest virus is distributed “via clever search engine optimization techniques, a clear sign that cyber-criminals are making every effort to infect mobile devices.”

The entire attack is disguised as an internet porn portal application, and once downloaded (from a third party source online, you won’t find it in the Android Market) must be installed and does ask for permission to send SMS messages. However, SMS has become a popular billing method for those dipping into adult pay services so those downloading the app may be none the wiser. Once installed, though, there is no actual application to run, only an adult-themed icon on your homescreen and a background service pinging $5 text messages to premium numbers.

For now the trojans seem to be relegated to Russia, but just like any virus the potential is there for the spread of the malware to all corners of the world. If in your travels and searches around the world wide web you come upon an application like the one described above, be wary of the permissions it wants to be granted. Practice safe application installation!

[via InformationWeek]

  1. Really? is not enough you need to download an app that’s not on the market to get your porn fix on the go? I’m starting to think that people who get Trojans and virus like this deserve what happens to them.

  2. I believe you mean “Kaspersky”, not “Kaspernsky”.

  3. Good info, but I’m with Dr. Jeckyl on this one. Plenty of warning signs. You should expect a random porn app to be a trojan.

  4. If you need tiny porn in your pocket, serves you right IMHO.

  5. *sigh*
    Another non-virus?

  6. Dear God! Disguised as a porn portal!? Surely it must have already been downloaded by millions!!! :P lol

  7. Agreed with the first 5. This fear mongering from Kaspersky really should not be extended any further by Phandroid. To date there are no known viruses or real trojans on Android. THIS IS NOT A VIRUS OR A TROJAN EITHER. This is a malicious app that only a moron would install. Sorry, but you get what you deserve and Google gives you a clear warning that you are installing an app from an untrusted source and you better be damn sure about what you are installing and what permissions you are giving.It really would not surprise me at all if the these same guys are the ones writing these apps to make money on both sides of the ‘victims’ pooling their ignorance.

  8. There are plenty of safe ways to browse porn on a mobile and you don’t need to install a app for it either…. so I’ve heard ;)

  9. Um, a trojan is an application that appears to do one thing and actually does something else, causing material harm.
    I would say this meets that definition. It is but a virus or worm, but it is a trojan.

  10. Cyber criminals? don’t you mean kapersky or who kapersky hired is trying to do what they were hired to do so that kapersky makes money. Either way its not in the market so its not a problem just don’t be a pervert and you are good.

  11. Does it self-replicate or spread? How exactly is this a virus?

  12. Funny how those discovering these things are the very ones poised to make money protecting us from their discoveries. While I have no doubt that these apps exist, they’re relatively easy to stay clear of (so far).

  13. @Adamsinger77 lol so true… apps for porn?? c’mon thats what a browser is for… hehe

  14. Does no one else find the image for this article to be extremely sexist?

  15. @ Michael
    Well since it doesn’t do anything.. (appearing to be legit while hiding it’s bad behavior).. it is NOT a trojan.. Swampfox is correct, it’s just malware (with an icon).. If for example, it was an app that browsed porn, and was doing the dialing in the background, then it would be a trojan.. This is just a lame attack, and Kapersky was pretty lazy in writing it.. if they did, which is probable.

  16. @Offended

    No, Just you.

    Whatsa Matter? Are you a “loose women”>?

    Get over it child.

  17. @ offended its funny you say that…lol I don’t think its a big deal and what’s funny is when worse things are said about men you often don’t hear a peep out of anyone. And besides Anddy is a guy so it makes sense…so settle down…y0

  18. o dudes. Want porn on the go? There’s an app for that. Adobe Flash Player 10.1

    XD hahahaha

  19. @Dennis, thank you for filling in Michael on the basic difference between a trojan and just a poor malicious app. In 2007 there were more malware apps written for the PC than the entire 20 years combined. We need to face it that there are a lot terrible people trying to make money the easy way and that there are going to be a lot more of these for the Android phone due to the open design – the fact that users have the capability to install apps outside of the market. If you gave the average person a Ferrari and told them that bad things will happen fast if they turn off the traction control and do not know what they are doing, there are still going to be a lot of fools that will do exactly that and wreck them. However, if Ferrari did not allow one to turn it off, then the advanced drivers would never buy one. (cough, Steve Jobs, cough iPhone)The frustrating thing about all of this is that this app is not a security threat, it is not replicating, and it is not even a trojan. It is just a junk malicious app that really someone deserves to get burned if they install it. People should have more sense than to install a 16.4kb porn app from an unknown source on their phone that requests access to send and receive SMS messages – would you install the like on your PC?!?!Kaspersky is going to end up doing way more harm to the Android platform than good in their attempt to monetize from their useless product that will be released in the Spring by fear mongering and getting every stupid malicious app like this published on all the blogs with their name attached as the hero that ‘discovered’ it first. Rubbish.

  20. @Offended, as a female, I say “lighten up”!! He used a historic WWII victory poster.

  21. You would seriously have to be an idiot to download this program and not suspect there to be unintended results. I was reading a article about trojans and viruses and what they can do here:

    I thought the picture to the article was funny. I’m confused as to how it relates to ww2 victory though (aside from it saying victory at the bottom right).

  22. To even install this thing in the first place one needs to check the unknown sources option in the security settings. After that they need to actually download it and install it, going through the security dialog and telling it to install.

    Hardly a virus.

    It’s just some immoral people taking advantage of stupid people. This isn’t news.

  23. Dear Phandroid,
    Please learn the difference between a TROJAN and MALWARE.
    Until you can learn the basic differences between the 2, I will be forced to find my Android news elsewhere. Garbage reporting.

  24. Dear Nick, Swampfox, Dennis et al,
    Please learn the definition of malware, ie a computer program created to infiltrate a computer without the users consent. This is a BLANKET term to cover a variety of different attacks, trojans are a TYPE of malware, not some mystical unrelated entity, and if this is not a trojan what type of malware would you suggest it is? The app is disguised as an internet porn portal application and then sends texts to premium numbers whilst it’s running, no a virus, but definitely a trojan. Whilst the attack is pretty weak, and I agree with the many shouts about scaremongering I do get quite frustrated that every time one of these things shows up people try and enlarge their epeen by making false statements about what they are and are not.

  25. @Vinnie – It is simply malicious software!
    It is hardly a trojan if it never even accomplishes the original intended and marketed use, and especially since you knowingly install it AND it ASKS you for permission to send and receive SMS messages. You are going need to assume that it is going to use that priveledge at some point – especially coming from an untrusted source.It’s not like this a kids game or twitter app that is doing sinister things in the background. It is only a trojan to an absolute retard. If someone can get me a copy of the .apk, I would be interested to decompile it and see exactly what it is doing!

  26. It is sad that people need porn. It is sad that many people want their fancies gradified in the form of watching someone that they can not have. There are many real people that are seeking someone to gradify their fancies, but yet no one will seek them out to fulfil their hopes, dreams, and wishes. Seek and ye shall find, but to get your jollies via a cell phone, that’s just nasty, and what you receive from the porn fake site you deserve….

  27. OK – to take the thread in a whole different direction…

    What’s with using an incredibly sexist poster? Sure, it’s a piece of history, but we’ve evolved since then…

    “Loose Women may be Loaded with Disease”

    But don’t worry the guys are all clean?

    Sheesh! Yeah, yeah, call me a PC fool if you like – but this stuff matters. Hold yourself to a higher standard.

