According to Denis Maslennikov, a senior malware analyst with Kaspersky Lab, the trojans can `adapt’ to eight countries, and generate premium rate text messages to the relevant country’s number.
These latest trojans, he says, build on some early examples he and his team spotted back in July, whichsubscribed users a range of premium-rate services with the promise of raunchy images.
These applications, he noted at the time, were targeting users from the US, Malaysia, the Netherlands, the UK, Kenya and South Africa.
And now the problem has evolved to text message trojans, which target users from a number of European countries and Canada, he says, noting that the trojans make no effort to target Chinese or Russian smartphone users.
"According to the messages we found on internet forums, the first infections were reported in early September. Somebody downloaded an application to manage and monitor his own SMS/MMS messages, calls and traffic. After launching this application it displayed the message that it was not compatible with the user’s Android version. And then the user’s mobile account was emptied”, he says in his latest security posting.
Maslennikov adds that he and his team tracked down the application, which turned out to be an SMS trojan - Trojan-SMS.AndroidOS.Foncy - that sends 4 SMS messages to premium rate numbers.
Analysis of the trojan reveals that it was spreading via a file hosting website with the name ‘SuiConFo.apk’ - after installation, it appears on the main menu of Android smartphones.
So how does the trojan work out which country’s SMS codes to use?
The Kaspersky senior malware analyst’s notes that the malware code calls up the getSimCountryIso in the TelephonyManager class in order to retrieve the ISO country code of the SIM card.
After that, he says, the trojan code calls up relevant data to generate premium rate text messages for eight countries: France (81001 SMS number), Belgium (9903 SMS number), Switzerland (543 SMS number), Luxembourg (64747 SMS number), Canada (60999 SMS number), Germany (63000 SMS number), Spain (35064 SMS number), and the UK (60999 SMS number).