CA Technologies researcher spots trojan posing as new Android browser

According to Dinesh Venkatesan, a security researcher with CA Technologies, a few months ago his team spotted a trend of 'SMSer trojans' disguising themselves as popular browser applications and targeting the users of smartphones with support for J2ME.

Over the past few days, he says, he and his team have been observing a similar trend in the influx of SMSer trojans posing as browser applications for the Android platform.

Conceptually, he said, the Android trojans have the same functionality of those of J2ME samples – only the implementation language has changed, and they continue to pass themselves off as browser apps.

In his latest security posting, Venkatesan says the malware functions as a browser, but sends text messages in the background that rack up the user's mobile bill.

As with the J2ME trojan, he notes that the Android malware does not do anything out-of-the-box to break into the device to send the text message without the user's permission.

“During installation, the user will be clearly prompted that the application needs permission to send an SMS”, he said, adding that when installing as an advanced version of Opera, it generates some text messages.

Once the messages are sent, the user is then prompted with a hyperlink to download the intended browser from the legitimate site – although, Infosecurity notes, the portable device is now infected with the malware.

This social engineering trick of disguising itself as legitimate application, says Venkatesan, has proven a successful method for the malware to trick many innocent users in the past.

“We strongly advise users to exercise critical decision making while evaluating app permissions at time of installation”, he concluded.

What’s Hot on Infosecurity Magazine?