Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    April 2014
    S M T W T F S
    « Mar    
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  
  • About Us

    Trend Micro researchers were alerted to the discovery of the first SMS Trojan running on Google’s Android OS smartphones.

    Upon investigation, the malware disguises itself by using the Windows Media Player icon. It also attempts to send text messages to numbers such as 3353 or 3354 with the message string, 798657 via the current default Short Message Service Center (SMSC). In addition, it uses the Permissions function (android.permission.SEND_SMS) to allow the said app to send messages. This routine is similar to the Symbian malware we blogged about that also posed as an application and sent text messages to specific numbers.

    Click Click Click

    According to advanced threats researcher Ivan Macalintal, the payload of this attack is not new since in the past, we’ve seen mobile threats that perform the same fraudulent routines. “This income-generating scheme is a low-hanging fruit for cybercriminals. What makes it unique is the use of Android as the targeted platform and, with the increasing popularity and usage of Android, we can expect more malicious code served up in that alley.”

    Trend Micro products detect this as TROJ_DROIDSMS.A.

    Analysis and screenshots provided by threats analysts Mark Balanza and Alvin Jethro Bacani, and threat response engineer Jessa De La Torre.

    Update as of August 12, 2010, 10:15 PM (UTC)

    Upon further investigation, threats analyst Edgardo Diaz confirmed that the malware code did not work properly due to programming errors that caused exceptions. In effect, the malware failed to do its intended routine which is to send SMS to premium rate numbers.

     

    Click for larger view

     

     

    Update as of August 22, 2010, 7:00 p.m. (UTC)

    TROJ_DROIDSMS.A has been renamed to ANDROIDOS_DROIDSMS.A.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice