Download Free
Learn MoreSecurity Alert: First Android SMS Trojan Found in the Wild
UPDATE: Lookout has pushed an over-the-air (OTA) update to automatically protect all Lookout Android users from this newly reported Trojan. If you already have Lookout installed, the update will be automatically pushed down to your device. If you don’t have Lookout, go to www.mylookout.com from your phone to download it now or find Lookout in the Android Market.
==============================================
Today, Kaspersky Labs reported the first SMS Trojan that infects Android smartphones.
The Threat: The Trojan is hidden inside an application called “Movie Player.” Users are prompted to install an application that looks like a media player of just over 13KB to their phone from a website. Take note that the app does list “Services that cost you money (send SMS messages)” as one of the required permissions prior to installation.
How it Works: Once installed, the Trojan proceeds to send SMS messages to premium-rate numbers charging several dollars per message without the owner’s knowledge or consent.
Phones it Affects: So far this has only affected Android smartphone users in Russia and only works on Russian networks. As far as we know, there is no indication that this app is in the Android Market.
How to tell if you’re affected:
- Review your phone bill for any premium SMS messages you did not send
- If you have recently downloaded a media player, check the permissions to ensure it does not have the ability to send SMS messages. (Go to Settings, Applications, Manage Applications)
Lookout is tracking this threat and we will have an update out to our users shortly. In the meantime, we recommend the following:
How to Stay Safe:
- Only download applications from trusted sources. Remember to look at reviews and star ratings.
- Always check the permissions an app is requesting when downloading apps. Use common sense to ensure that the permissions match the type of app you are downloading.
- Download a mobile security app for your phone that scans every app you download. We’re partial to Lookout.
As we’ve previously noted, with the discovery of this new Android Trojan, it is more important than ever to pay attention to what you’re downloading. This Movie Player app directly lists permissions to access “Services that cost you money” before you install. Stay alert to ensure that you trust every app you download and stay tuned for more details on this threat.
© 2012 Lookout, Inc. All rights reserved. Patents pending.
[...] as we know, there is no indication that this app is in the Android Market,” Lookout said in a blog post. It was also reported on a Russian smartphone news [...]
[...] The virus appears to only be affecting Russian smartphone networks, which is good news if you aren’t Russian. Furthermore, it is still yet to be spotted on the Andriod Market; “As far as we know, there is no indication that this app is in the Android Market,” (credit: Lookout) [...]
[...] on the job of protecting users who have their Lookout Mobile Security application installed by releasing an over the air update to protect against the Trojan.Currently there is no evidence the app was in Google’s Android Market however installed [...]
[...] a security company specializing in mobile antivirus software, said in a blog post that the malicious program was the first Trojan horse developed exclusively for the Android [...]
What was the source of the app if it wasnt through Android Market and any indication as to how many phones were infected?
Yikes! Still waiting on the OTA, but for now I just ran the virus scan on my Lookout on my Nexus One (Froyo). 180 applications checked and 0 viruses (or malware like this, I would assume) found.
Any idea on how long it will be before the OTA?
@Alan: The Trojan was reportedly available for manual download on a Russian web site. To acquire it, one would have to have manually clicked a link and had side-loading of non-Market apps enabled. There is no indication it was widely downloaded.
@Max: Thanks for writing in. We have already pushed the OTA update to all Lookout users. Make sure you have the latest version of Lookout downloaded and you should be all set. If you have any problems, feel free to email us at support-at-mylookout.com.
[...] platform. Kaspersky Labs identified it as a premium rate SMS attack and Lookout noted it in a blog post. (The story also made the New York Times.) As John points out in the podcast interview, attacks of [...]
Cool, I read blogs on a similar topic, but i never visited your blog. I added it to favorites and …
Good jobs published, thanks.
[...] as we know, there is no indication that this app is in the Android Market,” Lookout said in a blog post. It was also reported on a Russian smartphone news [...]
[...] today, a third variant of the “FakePlayer” SMS Trojan was detected. On August 10th, we covered the initial “FakePlayer” SMS Trojan release and gave a thorough overview of how the Trojan works. Approximately one month later the first [...]
[...] 官方網站: http://android.a0soft.com/aSpotCat.htm 參考文件 http://blog.mylookout.com/2010/08/security-alert-first-android-sms-trojan-found-in-the-wild/ var blogurl="http://nicaliu.info"; var needemail="1"; var nowurl="3241"; var md5 = [...]
[...] talked about phishing at length on the blog, but let me explain drive-by downloads. Last August, we wrote about an SMS Trojan, in which an innocent-seeming movie player app infected a phone with malware that caused the phone [...]