SMS Trojan Steals From Android Owners 168
siliconbits writes "A Trojan posing as a media player for Android smartphones automatically sends text messages to premium rate numbers, according to Kaspersky Lab. Company officials say the Trojan, dubbed Trojan-SMS.AndroidOS.FakePlayer.a, is the first of its kind for the Android platform, even though SMS Trojans are currently the most widespread type of malware on mobile phones."
Re:Is this really a trojan? (Score:5, Insightful)
Yes, the user must approve giving the 'Trojan' access to sending text messages, which is included under a big banner that says "Things that can cost you money". Of course, after the 40th or 50th app installed, no one reads them anymore and just clicks the OK button, but Android does notify you of what it's capable of, and even that requires you to check the install apps from other sources button.
Re:Is this really a trojan? (Score:0, Insightful)
Or does it tell you what it's gonna do beforehand?
If you install something that says "THIS WILL COST YOU MONEY", and it sends SMS that costs you money, how exactly is that a "trojan"?
Look, CmdrTaco JUST posted another Apple-praising fluff article about some bullshit connection between the iPad and Star Trek. Did you simply fail to see that? Thus, we can clearly infer that the answer is it's a "trojan" inasmuch as it's not on an iPhone, and what's better, it's a "trojan" in the sense that it is on one of Apple's competitors, making Apple look better. Duh.
Read the TFA? (Score:5, Insightful)
Why bother? I read it, and I still don't know silly details like what the name of this app is, or whether it's been pulled from the Android Market. Actually, now that I think about it, I don't even know *if* it was in the Android Market, or if it's a side-load app. For all I know, Kaspersky "discovered" a proof-of-concept app that they developed themselves. Yeah, that last bit is pretty unlikely, but reading TFA is no help at all in ruling it out.....
Content fail for TFA.
Prosecution? (Score:4, Insightful)
So this should lead to police activity quickly enough, right? One can't (at this time) prove where the trojan came from, but it's easy enough to see who benefits and what accounts the money gets paid into. That should all get frozen, cops should kick down some doors, machines should get confiscated?
Will this happen?
Re:Is this really a trojan? (Score:3, Insightful)
Why not just take the literally 20 seconds to read what parts of the phone an app wants access to? Or at least the 5 seconds to make sure that there's nothing under the 'will cost you money' heading, unless it's an app where that makes sense (I think the only apps I have with entries under those headings are Google maps and Google voice, and both because they're allowed to initiate phone calls).
Re:Prosecution? (Score:3, Insightful)
> Will this happen?
It could. It is quite possible that some mules will find themselves in serious trouble.
Re:Read the TFA? (Score:1, Insightful)
Until the app is named, this sounds like "anonymous sources" BS that some news sites like to do which can't be independently verified.
Unless the app and its developer is specified, this reeks of fear-mongering akin to the lines of "OMG, 1/3 of Android apps have access and *could* expose your personal data".
My take: Name and shame, or don't bother publishing. Even though the Weekly World News is out of print, the US still has more than its share of sensationalistic topics.
Re:Is this really a trojan? (Score:3, Insightful)
It would tell you it's going to send SMS, not that they will cost you money. SO while it's sending SMS info of the songs you listening to share playlists, it also sens SMS to places that charge?
On my phone, the category in the manifest is "Services that cost you money" (in big bold letters) and then under that, as an explanation, it says "directly call phone numbers, send SMS messages."
An application which has the ability to send SMS has the ability to cost you money because it could send SMS to premium-rate numbers or out of the country. Many people wouldn't think about this, and there's probably no easy way for Android to differentiate between regular SMS and premium-rate SMS.
Re:Is this really a trojan? (Score:4, Insightful)
It's amazing how far folks are falling over themselves to defend this type of activity on the Android platform ("well it's their own fault" and "they should have read the warning"). I hate to break it to everyone, but most Android users are not geeks, nerds, or techies. They will do just as windows users have been doing for decades and click 'OK' when prompted. Such behavior should be expected and accounted for, or provisions made to protect end users in spite of themselves.
The difference here? There is no virus scan or malware blocker to save them.