SMS Trojan Making its Rounds on Android



Red alert! An SMS trojan has been detected running rampant on Android devices, says security watchdog Kapersky. The virus comes disguised as a media player in the package MS.AndroidOS.FakePlayer.a and, once installed, will send out texts to expensive premium numbers, racking up a high phone bill and gains for scammers. While previous reports saw isolated viruses and spyware, this is the first instance of a wide-spread trojan spread about the Android ecosystem.

As a protective measure, the Android Market always asks for certain permissions before installing an application. Pay close attention to any apps that may request access to your phones messaging system, especially if they come from untested sources. A specific perpetrator was not named, though chances are the spyware is coming from multiple fronts, with some applications carrying it remaining unidentified even at this point.

This marks one more area where Google could greatly improve the Android Market. Sure, there are benefits to a completely open for submission market, but when it comes to software with malicious intent slipping out onto unsuspecting phones we are left wanting even the most basic of screening processes.

[via Gizmodo]

Kevin Krause
Pretty soon you'll know a lot about Kevin because his biography will actually be filled in!

Flash Player 10.1 Shipping on Droid 2 [Video]

Previous article

Samsung Epic 4G Release Date Rumor of the Day Is August 21

Next article

You may also like


  1. 1st lol

  2. “This marks one more area where Google could greatly improve the Android Market. ”

    I disagree. the only way for google to weed out these type of apps would be to have an approval process like apple has. The best part of the market is its openness.

    User education would better solve this problem. (although there will always be users that aren’t careful about what they install)

    Also, having an unnamed app malware announced by a security company always smells bad to me. I want to see confirmation of this from somebody that doesn’t have financial gain from malware on android.

  3. I got that download and cancled it right away because I didn’t recognize it…. really glad I saw it before it installed.

  4. @carlos i hate when people say that. u sound gay

  5. This story doesn’t apply to “PHANDROIDS”, it applies to 97% of the sheep that use Android because their kids do or because they saw a catchy commercial. Any self-proclaimed “Phandroid” infected with this is an absolute moron and should never be involved in the scene so to speak. This trojan is not embedded in quality apps, period. THIS is the revolving door of issues that come about when people install a 3d wallpaper with SMS privelages. Die in a fire is what I say to anyone infected with this, and I hope VZW makes you pay the charges since you’re responsible by accepting what that app does.

  6. Does Lookout or any other virus scanner detect this?

  7. @Rob, LOL, so true, couldn’t have said it better myself. We can only make software fool-proof, not idiot-proof.

  8. @Rob: Too much coffee? Or not enough sex? Or both?

  9. @Deb

    was wondering the same thing.

  10. @cs87

    What were you doing that you noticed this malware downloading to your phone? At just over 13KB, it would have downloaded and installed before you could realize it, even on EDGE I would suspect.

    Did you attempt to download an affected .apk from the market? Did you receive a link in a bogus sms? How was it that you came to receive it at all?

  11. Reading several articles, not one lists the specific app, but the costs are only incurred on android users in Russia. They also said it wasn’t in the market. Someone has to manually install this, and of course, enable the ability to install “untrusted” apps.

    “According to Denis Maslennikov, Senior Malware Researcher at Kaspersky Lab, there’s not an exact number of infected devices available at present, but the outbreak is currently regional. For now, only Russian Android users can actually lose money after installing the Trojan, but anyone can be infected.”

  12. wonder what this would do to people who have blocked text messages and also only use data (aka google voice)

  13. It was Microsoft! They didn’t like how fast android ninja’d their position in market share! :)

  14. So theres a media player in the market asking for permission to send SMS??? I agree with Rob. You’re a fool if you install it.

    I guess I forget that there are a ton of people that probably go down the market one by one installing every app they see. I typically install based on reviews from sites or suggestions from places like AppBrain where many others may have been downloading it for a while. Or I at least try to look at the site of some places if I’m not sure about the developer. Yes you can still end up with a malicious package like that but I think you lessen the chance by at least seeing if theres a community around the app. For devs yea it makes it a little harder to break in but maybe at least having a decent website to go along with your app…or something to show you’ve put some work into it and its not just a drive-by attack.

  15. @Rob

    Dude what’s wrong with you? Yes, many people who use android aren’t savy with the OS, but that is because it is fairly new to so many people who make up the android community. Let’s face it, without that huge chunk of people, android wouldn’t have the resources to thrive and grow like it is. Yet your arrogant ass is telling them to “die in a fire,” which is so uncalled for. I guess you have NEVER made a mistake or lacksadaisical rushed decision because you are so high and mighty. I hope you are grateful for whatever sick tricked out android device you have, because without the “sheep” you refer to, you would be using a moto razor or iphone. HAve some sympathy dude.

  16. Social engineering works when people don’t think and just click on impulse. When you see a permission, you have to stop and think.
    I hate apps that don’t have a decent website behind them. At least have a forum or something.

  17. @Rob.
    Tthat’s just how I feel about people who don’t know how to operate on themselves. I mean, all the information is online and they should know it. Why pay a surgeon? In fact so is plumbing, auto mechanics, and how to fuel a rocket booster. Everyone should know everything about everything, and anyone who doesn’t is just a lesser person than me and Rob.

  18. Sounds like Apple developers trying to spread fear in the newly minted king’s empire…

  19. Yes users are warned about what apps can do, but the warnings are really granular, and there are too many of them. A warning like “Network communication: full Internet access”, is pretty damn general, an app may need Internet access for an obvious purpose but it may also use it for a nefarious purpose.

    Developers need to explain why their apps need access to certain APIs. This should be mandatory.

    For example the Pandora app reads contacts, why? Probably because it has a share this song feature, but it could be for other reasons, I trust Pandora though, so I allow it.

    It comes down to the user. A walled garden approach is no better, probably worse because it gives users a false sense of security. Malware can easily slip through the approval process.

  20. Lol. First of all, I have been using Linux since the majority of you were wearing diapers, so yes there definitely is a “tech-savvy” level of opinion in my comment. Second, when you get a TEXT MESSAGE and you install an app from said text message NOT KNOWING ANYTHING whatsoever about the sender or the number, you in fact, should die in a fire. I stand behind that whole-heartedly. @Calypso, Being a Surgeon and an Auto Mechanic are trained PROFESSIONS in which the people performing them have YEARS of experience. What we’re discussing here is RAW – TO THE BONE common sense. If this was 1999, I’d chalk it up as whatever else the internet was spewing in those days, but this is 2010, get a grip and realize that 13 year olds are producing these trojans you arrogant imbecile.

  21. @reality check, Are you absolutely brain dead? The reason I have a DROID that outperforms some computers still in use today is NOT because of the sheep, it’s because of tech-savvy developers and individuals who have a want to move this OS forward, as Linux has been doing for years with the mountain of different distro’s since it’s inception. ALL of the sheep use iPhones, there isn’t a single non-farm animal in Starbucks right now, period. Sheep don’t like the second amendment OR building on anything that is released, they are just script kiddies, they want to USE everything that everyone else puts out. So what? they’re responsible for sales..I’ll gladly take the morons money to further progression on the OS.

  22. Android initially had it’s appeal with the “tech” society and the majority of users were savy enough to be more knowledgeable and diligent in loading software. With the rapid growth of users, that knowledge is no longer holding up. As developers continue knowingly or un-knowingly to allow malware or other malicious content to be embedded in their apps, the need for screening will inevitably take root and become a necessity. I love the freedom of apps and the ingenuity that brings, but there is something to be said for a little pre-testing of apps to diminish the possibility of the android market becoming so tainted that people will shy away from it.

  23. Not surprised rob is a linux zealot, his attitude sounds like what you might find in an online forum. Hey rob, next time your car breaks down because you don’t know how to change the transmission fluid or forget some maintenance maybe you should burn in a fire too.

    In full disclosure i am a linux user, buyer and haven’t used windows at home in years. I help people use and learn linux instead of ridiculing people and being a jerk about everything.

  24. @Tkeith, ooh sorry brother try again, I actually have an ASE certification, an A+ cert, an MCSE cert, network+ and CCIP. oh and I served 4 years in the Army as 31B (Military Police). You’re not a linux “user” rofl..”I am a linux user, buyer” you buy Linux. Your skills far surpass mine sir.

  25. So, we have an anonymous app which is not being distributed by the Android Marketplace which does not notify users about permissions (unlike the marketplace). Come on journalists, read the sentence “without the owner’s knowledge or consent” in the press release. This is being installed by “a number of mobile devices” – this could be 4 mobile devices.

    Add to this we are talking about a story which is coming from an anti-virus company that has an Android app in development, which is based in Russia, where the malware happens to be propagating. Mofo, anyone heard of connect the dots?

    Seriously, I do not doubt for a second that such an app could exist. You know why, because they are do in the frickin Android Marketplace! APPS CAN ALREADY USE PREMIUM RATE NUMBERS. It is up to the user to check ALL permissions of any nefarious app they may install and see if they request anything suspicious. Guess what, calling premium rate numbers, even for an idiot, should raise a frickin red flag! If you install, nul points, you loose.

    I got caught out by the wallpaper app, so maybe I am being harsh. BUT I WOULD NOT INSTALL SOMETHING WHICH ASKED FOR PREMIUM RATE NUMBERS, FUCKING EVER.

    No case here, just some bullcrap from an ant-virus kabbalah bull crap.


  26. @DanDavidson, you are spitting truth over there… hell, you might have truth diarrhea! This is a company trying to load up on press releases and freak people out before they launch their worthless security app in 2011. They probably wrote the damn thing. Just because an app sends SMS messages out against your will to Shortcodes that will charge you for it does not make it a virus or a trojan AT ALL. Someone please send me the .apk – I would love to decompile it and check it out. Also, whoever is profiting from the Shortcode charges is going to get in BIG trouble because it takes a lot of paperwork to get those setup! Trust me.

    I am pretty sure WaveSecure would fall under this category. It makes your phone receive a bunch of SMS messages from singapore when you use certain functions!

  27. Kevin, please change the story, this is not a Trojan and this type of sensationalism is only going to hurt Android.

  28. Immune, blocked all that stuff years ago. Wouldn’t even have to worry about it if I was stupid enough to download and run it

  29. Damn, but it’s not possible in theory to have an OS that’s immune to viruses and spywares.

  30. @Rob
    You are a jerk plain and simple. My 74 year old father recently bought a Droid Incredible. I have explained to him the need to carefully read all permissions before you install an app. I also carefully explained to him why apps ask for these permissionsbut he isn’t tech savvy so he should “die in a fire?”

  31. Fuck Kapersky it doesn’t take a genius to know who is responsible for it. Somebody needs to put them out of business for this crap.

  32. rob on that faggy time

  33. 1. This app is not in the Android Market
    2. I rarely sideload apps.

    case closed.

  34. @Rob

    Your a Tool!

  35. Russian security firm??? Isn’t that an oxymoron?

  36. A similar virus was test on 3 android anti-virus apps. Check it out.

  37. “you’re a tool”, “you’re a fag”, “you’re a jerk” – –
    Each and every one of you SHEEP can say what you wish, it’s called an opinion. However it is factual that a Chimpanzee has the mental capacity to understand common sense.

  38. @Rob
    Good points were made, on both sides.. I don’t think it was alluded to that you were a sheep, and perhaps that was a bad way to say that we should be thankful that the popularity of Android has increased as it has led to increasingly better phones.. Obviously not everyone who gets an Android “has it together”.. However I do understand your “Darwin views”, that anyone lame enough to fall for this, kind of deserves the consequences.. The real problem with this whole story, is that it’s crap.. I have absolutely zero faith in anything coming from the “antivirus” community, who are drooling over a new market.. They might convince some of the aforementioned sheep to spend some money for a false sense of protection.. Well “a fool and his money are soon parted”, is just more Darwin at work.. Me, I’ll use the same protection I use on my home PC which dual boots Ubuntu and XUbuntu.. It’s the most awesome ever, and the same I have used in Linux, since the late 90’s.. It’s so good, I have NEVER had a virus, or malware yet.. and it uses no hard drive space, doesn’t use any ram, and doesn’t slow my system down at all…. For the unknowing, send me $5 and I’ll tell you what I use… :)

  39. @ waka I hate that too. That was actually a first for me. I rarely get the opportunity so I said fuck it.

  40. One Solution to this problem: Google needs to differ in their security management of an App between normal SMS and premium SMS.

    I think it would be even OK, if the App gives me a security warning/request/popup the first time a app wants to send an SMS to a premium number.

  41. This app doesn’t even come close to a virus or a trojan.
    It’s not embedded in another app, it doesn’t compromise your system.

    Just use common sense not to install a random app that you have no background about.

  42. @Rob

    Yes you can buy linux, it’s called buying a computer with Linux installed. You know actually supporting the community instead of making it look bad. I’m not impressed at your parts changing training either, the point is everyone makes mistakes and no one deserves to “burn in a fire”.

  43. Ok, a couple of points firstly could the people who keep claiming that this is not a Trojan please shut up, or at least learn what a Trojan is note the bit in the article that states it “comes disguised as a media player” pretty much the definition if you ask me.
    Secondly, whilst Robs suggestion that people who install this should “die in a fire” may be a bit extreme let’s look at what you would have to have done to get this on your phone.

    Step 1 – download the apk from an unsolicited link, never a good idea on any os.
    Step 2 – change your phone settings to allow installation of apps from unknown sources, whilst I’m sure most of the people of this forum have done so, I doubt Oliver Thomas would recommend his father do the same.
    Step 3 – install the program granting it permission for access to sms, odd for a media player and Dan, this isn’t part of the market place, it’s part of the app manager which you have to use to install apps anyway, the only way you could bypass the giving of permissions is if you push the app using adb, and I think we can safely say no-one capable of doing that is going to install the app.
    Step 4 – leave the app on the phone, even though it appears to be non-functional as a music player, and ignore the charges coming up on their bill.

    So yeah maybe they shouldn’t “die in a fire”, but some punishment for outright damn stupidity seems fair no?

  44. @Rob

    Oh dear, oh dear. Apparently “Being a Surgeon and an Auto Mechanic are trained PROFESSIONS in which the people performing them have YEARS of experience”, rather than working in computing, which is obviously not a profession which requires years of experience.

    I note that you “have an ASE certification, an A+ cert, an MCSE cert, network+ and CCIP”. It’s a pity that all those qualifications haven’t made you a trained professional. Instead they were all down to “common sense”.

    You, sir, are trolling here. Furthermore, if your opinions here are truly as stated, you are not a very nice person. Please go away.

  45. Wow….I didn’t think Rob’s post would meet such criticism. Well I guess we might as well hang it up because if its a crime to call a spade a spade when it comes to basic socially engineered malware then what can we do. Theres no other defense except not letting you install anything except what someone else has deemed appropriate. With power comes responsibility folks. I think you’re just as stupid for using almost ANYTHING without trying to have some basic understanding of how it works and how to take care of it. You can drive a car with no idea of how it works and you’ll be taken to the bank when it breaks. Same thing with owning a home. These people were taken to the bank because they don’t want to understand even in the slightest what the permissions are about. We’ve become a society that thrives off ignorance and with that goes our freedom. Its ok to go around knowing nothing now. Thats why while the iPhone users “seem” more protected they aren’t free to do with their phones what they want. They are happy to trade freedom for not having to know anything. I’m not saying you have to be an expert in everything…I’m actually against that and hate the way legalease is used to keep you in the dark. But good grief folks…can we at least understand SOMETHING about the world around us!?!?!?

  46. Android. The new Microsoft.

  47. I don’t don’t think its fair to characterize Rob as a Linux zealot either. Maybe he simply likes to know something about what he is using and because of that understanding can save a few bucks among other things with Linux. The only thing I’d accuse him of is being a DIYer thats sick of being restricted by ignorant people.

  48. The name of the package is
    What would you expect from a package that starts with MS(aka MicroSoft!)
    It had to be obvious that was malware!

    I do encourage all users that use android (and so use Linux in their mobile phones) to start using Linux in their desktops and laptops.

    It is so superior, safer, nicer than windows and moreover it is free and open.
    It has different workspaces, more functional file managers and native hardware support out of the box.
    Give it a try.
    Ubuntu a Linux distro will suit your needs perfectly and at last you can feel you own your computer…

Leave a reply

Your email address will not be published. Required fields are marked *

More in News