First Trojan Malware Virus Detected for Android Smartphones
Security experts have discovered what they say is the first Trojan malware virus directed at smartphones running Google’s Android operating system.
Kaspersky Lab said the Trojan, named Trojan-SMS.AndroidOS.FakePlayer.a, has already infected a number of mobile devices.
According to Kaspersky, the Trojan penetrates smartphones running Android masked as a harmless media player application, called “Movie Player.” Users are prompted to install a small file just over 13 kilobytes (KB) with the standard Android extension .APK to their phones from a website.
Once installed on the phone, the Trojan begins sending text messages, or SMS messages, to premium rate numbers — numbers that charge a fee — without the owners’ knowledge or consent, taking money from users’ accounts and sending it to the cybercriminals.
First for Android
Although the Trojan-SMS category is the most widespread class of malware for mobile phones, the Trojan-SMS.AndroidOS.FakePlayer.a is the first to target the Android platform specifically, according to Kaspersky.
“The IT market research and analysis organization IDC has noted that those selling devices running Android are experiencing the highest growth in sales among smartphone manufacturers. As a result, we can expect to see a corresponding rise in the amount of malware targeting that platform,” said Denis Maslennikov, Mobile Research Group Manager at Kaspersky Lab, in a blog post. “Kaspersky Lab is actively developing technologies and solutions to protect this operating system and plans to release Kaspersky Mobile Security for Android in early 2011.”
A Google spokesman told CNET that “our application permissions model protects against this type of threat. When installing an application, users see a screen that explains clearly what information and system resources the application has permission to access, such as a user's phone number or sending an SMS. Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time. We consistently advise users to only install apps they trust. In particular, users should exercise caution when installing applications outside of Android Market.”
Kaspersky said users should pay close attention to the services that an application requests access to when it is being installed. Kaspersky said that includes access to premium rate services that charge to send SMSs and make calls, because once a user agrees to these functions when the application is being installed, the smartphone might be able to make calls and send SMSs without further authorization.
Kaspersky said the digital DNA, or "signature," for Trojan-SMS.AndroidOS.FakePlayer.a has already been added to its antivirus databases.
Mobile security company Lookout said it has pushed an over-the-air update to automatically protect all Lookout Android users from the new Trojan. The company said the update will automatically be pushed down to the devices of users who already have Lookout installed. Users who don’t have Lookout can download it from their phones at lookout.com.