SMS Trojan Steals From Android Owners

Posted by CmdrTaco
from the no-way-i-wanted-hott-sexx dept.
siliconbits writes "A Trojan posing as a media player for Android smartphones automatically sends text messages to premium rate numbers, according to Kaspersky Lab. Company officials say the Trojan, dubbed Trojan-SMS.AndroidOS.FakePlayer.a, is the first of its kind for the Android platform, even though SMS Trojans are currently the most widespread type of malware on mobile phones."
  • by schon (31600) on Tuesday August 10 2010, @01:19PM (#33206196)

    Or does it tell you what it's gonna do beforehand?

    If you install something that says "THIS WILL COST YOU MONEY", and it sends SMS that costs you money, how exactly is that a "trojan"?

  • Re:Read the TFA? (Score:3, Informative)

    by unix1 (1667411) on Tuesday August 10 2010, @01:31PM (#33206360)

    Found the original announcement [kaspersky.com]. No name of an app there either.

    While there could definitely be such an app, the article definitely sounds like an advertisement for their product rather than a security notification.

  • Bad summary (Score:5, Informative)

    by esocid (946821) on Tuesday August 10 2010, @01:33PM (#33206392) Journal
    After trudging through several articles, not one mentions the application's name. It does however mention that the trojan can be packed into basically anything. It also doesn't mention that only users in Russia are affected by the SMS charges.

    According to Denis Maslennikov, Senior Malware Researcher at Kaspersky Lab, there's not an exact number of infected devices available at present, but the outbreak is currently regional. For now, only Russian Android users can actually lose money after installing the Trojan, but anyone can be infected.

    http://www.readwriteweb.com/archives/first_trojan_for_android_phones_goes_wild.php [readwriteweb.com]

  • Re:Bad summary (Score:4, Informative)

    by esocid (946821) on Tuesday August 10 2010, @01:34PM (#33206410) Journal
    Also forgot to mention, it isn't in the market. It has to be manually installed, with that little box checked to allow non-market apps to be installed.
  • by SCPaPaJoe (767952) on Tuesday August 10 2010, @01:43PM (#33206540)
    I agree. When I first got my Droid, I was going to install a free game until I saw it wanted access to my contacts list. The notification screen during app install is quite clear and easy to understand. There is no excuse for not reading it.
  • by flibuste (523578) on Tuesday August 10 2010, @01:46PM (#33206576)

    In all honesty, the way Android reports what an application uses is way too weak and not granular enough. Basically, you require access to 1 URL, your application needs "Full Internet Access". Want to access the GPS data? Your application needs "Location access", "Services that may cost money", etc.

    The way an application declares its "needs" is through an element in the Android Manifest file. However, the choices are really limited to the existing Android services, and most of them have a 1 to 1 relation with the services they relate to, and nothing more granular such as "Requires GPS access using only satellites (costs nothing)", "Requires GPS access using cell towers", "Requires GPS access through paying services".

    In the end, the user downloading an app sees warnings that are mostly meaningless, and which appear in many other applications. It's close to impossible to spot a possibly-offensive application such as this Trojan.

  • by metamatic (202216) on Tuesday August 10 2010, @01:52PM (#33206650) Homepage Journal

    Is it possible for an app to request access to the filesystem, then modify another existing app with a payload that makes it do all the dirty work?

    No. Each Android app runs as a separate Linux userid [android.com]. Even if you give the app filesystem access, it can't write to files that belong to other apps, let alone rewrite the apps themselves.

  • by Sancho (17056) * on Tuesday August 10 2010, @02:20PM (#33206978) Homepage

    The manifest says, in big bold letters, that the app may cost you money by placing phone calls and sending SMS.

  • Re:Hahaha (Score:3, Informative)

    by ViViDboarder (1473973) on Tuesday August 10 2010, @02:24PM (#33207022)
    False
  • Re:So... (Score:5, Informative)

    by shmlco (594907) on Tuesday August 10 2010, @02:26PM (#33207050) Homepage

    "Oh and why do you capitalize the 'middle east'? Is it a country now, worthy of promotion to a proper noun?"

    Doesn't need to be a country. Region names are capitalized when they stand alone and are widely understood to designate a specific geographic (or geopolitical) area. e.g. Southern California, the Bay Area, the Middle East.

    http://www.utexas.edu/visualguidelines/capitalization.html [utexas.edu]

  • by Anonymous Coward on Tuesday August 10 2010, @02:31PM (#33207120)

    In all honesty, the way Android reports what an application uses is way too weak and not granular enough. Basically, you require access to 1 URL, your application needs "Full Internet Access". Want to access the GPS data? Your application needs "Location access", "Services that may cost money", etc.

    Do you use Android? It is more granular than that. Location access can specify coarse (cell location) and fine (GPS). "Services that may cost money" can specify SMS or phone calls. Many apps use a "Phone" permission that's called "Read phone state" so that it can know when you're receiving a call. Apps like Google Voice that use the "Phone" permissions also include things like "Make outgoing calls" and "Intercept calls".

    Your fine-grained permissions are right there.
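
The permission declarations debated in the comments above can be checked mechanically. This is an added example, not part of the original thread or of any Android tooling: it reads the `<uses-permission>` entries of a manifest and flags the ones that can cost money. It assumes the manifest has already been decoded to text XML (inside an APK it is stored in a binary form); the sample manifest, the package name and the group labels, which paraphrase the wording used in this thread, are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COST_GROUP = "Services that may cost money"

# Permission -> install-screen wording as paraphrased in the thread (assumed labels).
GROUPS = {
    "android.permission.SEND_SMS": COST_GROUP,
    "android.permission.CALL_PHONE": COST_GROUP,
    "android.permission.ACCESS_FINE_LOCATION": "Location access (fine, GPS)",
    "android.permission.ACCESS_COARSE_LOCATION": "Location access (coarse, cell)",
    "android.permission.INTERNET": "Full Internet access",
    "android.permission.READ_PHONE_STATE": "Read phone state",
}

# Constructed sample: decoded manifest of a hypothetical "media player" app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.player">
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="com.example.CUSTOM"/>
    <uses-permission/>
    <application android:label="Example Player"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the permission names declared via <uses-permission>, in order."""
    root = ET.fromstring(manifest_xml.strip())
    names = []
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name")
        if name:  # skip malformed entries that carry no android:name
            names.append(name)
    return names

def audit(manifest_xml):
    """Sort requested permissions into cost-incurring, other known, and unknown."""
    report = {"cost": [], "other": [], "unknown": []}
    for perm in requested_permissions(manifest_xml):
        group = GROUPS.get(perm)
        if group is None:
            report["unknown"].append(perm)
        elif group == COST_GROUP:
            report["cost"].append(perm)
        else:
            report["other"].append((perm, group))
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST))
```

A media player that lands anything in the `cost` list is the mismatch the install screen is meant to surface.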

  • by mjwx (966435) on Tuesday August 10 2010, @09:07PM (#33211116)

    Out of curiosity, how does a Windows user gain access to the iPhone's file system? Is there even a removable storage card on an iPhone, or is the entire phone a USB mass storage device?

    They don't. No MSC functionality whatsoever. All communication with an iPhone is done through iTunes.

    True, and if the Android were to move to a better file system than FAT32, that's probably the best way to do it

    Android already uses a newer file system. The / is YAFFS2. Only /SDCARD is VFAT and this can be reformatted to EXT3 if the user wants. FAT32 is only there for compatibility with OSes that can't read EXT file systems.
