Android trojan infection methodology explained

According to Rob Rachwald, the firm's director of security, the trojans then generate large numbers of text messages to premium rate numbers, which he says is how they monetise their frauds.

Coupled with the fact that the Android app market is quickly becoming the largest app store in terms of number of applications, he argues that hackers are becoming quick to jump on this issue and use it to their advantage.

Rachwald and his team have analysed one popular piece of Android malware that poses as an adult app, but actually infects the user's smartphone with a trojan that generates premium rate text messages.

The trojan, he says, comes as an .apk file. "The '.apk' file is an Android application package file, which contains all of the application's code files, resources, assets, and manifest file", he says in his latest security blog.

The most interesting file in the Android app, he adds, is the classes.dex file, the compiled Android application code file.

After disassembling the code, Imperva's research team found that the 'DataHelpers*' files and the 'MoviePlayer' file are the main malware code.

"Now, let's open the MoviePlayer file with a text editor to understand the purpose of this malware", he says in his blog.

"Bingo! We have an SMS-based trojan targeting Android smartphones", he says, adding that the '7132' string is the premium rate number.

"The premium rate SMS numbers are the SMS equivalent to the 1-900 numbers from yesteryear. They cost users money in the form of charges on their [cellular] account for messages sent to and/or received from the number in question", he explained.
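The triage steps described above (open the .apk, read classes.dex, look for the SMS number among its strings) can be automated for defensive review. The following is an added example, not code from Imperva's blog or this article: the function names are hypothetical, the sample package is constructed inline, and the assumption that the code references Android's `SmsManager.sendTextMessage` API is ours, since the article does not show the disassembly.

```python
import io, re, struct, zipfile

def uleb128(buf, pos):
    """Decode an unsigned LEB128 value; return (value, next position)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def dex_strings(dex):
    """Return the string table of a classes.dex image."""
    if dex[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    count, table_off = struct.unpack_from("<II", dex, 0x38)  # string_ids_size, string_ids_off
    out = []
    for i in range(count):
        (data_off,) = struct.unpack_from("<I", dex, table_off + 4 * i)
        _, start = uleb128(dex, data_off)  # skip the UTF-16 length prefix
        end = dex.index(b"\x00", start)    # MUTF-8 data is NUL-terminated
        out.append(dex[start:end].decode("utf-8", "replace"))
    return out

def triage_apk(apk_bytes):
    """Report SMS API references and short numeric strings in classes.dex."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:  # an .apk is a ZIP archive
        strings = dex_strings(apk.read("classes.dex"))
    return {
        "sms_api": sorted(s for s in strings if "SmsManager" in s or s == "sendTextMessage"),
        "short_numbers": sorted(s for s in strings if re.fullmatch(r"\d{3,6}", s)),
    }

def build_sample_apk(strings):
    """Constructed sample, not real malware: classes.dex with header and strings only."""
    header = bytearray(0x70)
    header[:8] = b"dex\n035\x00"
    struct.pack_into("<II", header, 0x38, len(strings), 0x70)
    ids, data, base = b"", b"", 0x70 + 4 * len(strings)
    for s in strings:
        ids += struct.pack("<I", base + len(data))
        data += bytes([len(s)]) + s.encode() + b"\x00"  # one-byte ULEB128 length
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", bytes(header) + ids + data)
    return buf.getvalue()

SAMPLE = build_sample_apk(["Landroid/telephony/SmsManager;", "sendTextMessage", "7132", "MoviePlayer"])
```

Calling `triage_apk(SAMPLE)` returns the SMS API references and the short numeric strings as two sorted lists; a short number alongside an SMS API reference in an app that has no reason to send texts is the pattern worth escalating for manual review.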
