Popular Porn Sites Distribute a New Trojan Targeting Android Smartphones

Popular Porn Sites Distribute a New Trojan Targeting Android Smartphones

Kasperksy Lab, a leading developer of secure content management solutions, has detected a second piece of malware, categorized as a Trojan-SMS, which targets smartphones running on the Android platform.

In an attempt to infect as many devices as possible, cybercriminals are distributing the new malware via the Russian-language sites that come out on top of searches for pornographic videos. Revealingly, the owners of these adult content sites are deliberately prompting Android users to download the new Trojan, while users of other platforms receive the desired content.

As with its predecessor, the latest Trojan, named Trojan-SMS.AndroidOS.FakePlayer.b, masquerades as a media player. A smartphone can only be infected if the user manually installs the application. Users of smartphones running Android are asked to download the pornplayer.apk application from an infected webpage in order to view adult content videos. The installation file is only 16.4 KB and during installation the Trojan seeks the user's consent to send SMS messages – a requirement that a media player is very unlikely to need.

Once the user launches the fake application, Trojan-SMS.AndroidOS.FakePlayer.b begins sending SMS messages to a premium rate number without the user's knowledge. The messages cost $6 each, resulting in hefty sums being transferred from the user's account to that of the cybercriminals.

"Android users should pay close attention to the services that an application seeks permission to access," said Denis Maslennikov, Mobile Research Group Manager at Kaspersky Lab. "Automatically permitting a new application to access every service that it says it needs to means you could end up with malicious or unwanted applications doing all sorts of things without requesting any additional information."

The code insideTrojan-SMS.AndroidOS.FakePlayer.b is similar to that of Trojan-SMS.AndroidOS.FakePlayer.a – the first Android Trojan-SMS that was detected by Kaspersky Lab experts a month ago. This suggests that both of these malicious applications were authored by one and the same person, or group of people.

IDC analysts report that Android mobile device vendors have displayed the most dramatic growth in sales among all smartphone vendors worldwide. Kaspersky Lab's experts predict that more malicious programs targeting devices running on the Android platform are sure to emerge in the near future and are currently making every effort to develop security technologies and solutions to protect this operating system.

09 Sep 2010