Microsoft researchers are warning about a new Trojan horse program for Android mobile devices that sends out premium SMS messages once installed.
The Trojan is just the latest example of malware that is installed by unwitting users who frequent phony mobile application marketplaces designed to look like Google’s Android Market, according to a post Tuesday from Microsoft researcher Methusela Cebrian Ferrer of the company’s Malware Protection Center (MMPC).
The malicious application, identified as Trojan:AndroidOS/SMSFakeSky was identified last week and targets Android users in Russia. Ferrer said that the Trojan horse application was bundled in one of around 50 different mobile applications purporting to be popular add-ons such as Adobe Reader, Angry Birds, Gmail, Google Maps and Doodle Jump 2. The applications were being sold from a legitimate-looking, but phony application marketplace.
After being installed, the Trojan displays a bogus user agreement that is not accessible to the phone owner. When the owner clicks the “Agree” button, the malware sends multiple SMS (short message service) messages to premium numbers, resulting in charges to the owner’s phone. Subsequent interactions with the Trojan-infected applications result in other malicious programs being downloaded, according to a post on Microsoft’s Malware Protection Center Web site.
The new Android malware is just the latest example of cyber criminals opting to lure victims to “shop” at a phony online storefront, rather than tricking them into clicking a malicious link or file attachment. The fake stores are becoming more common, according to research by Microsoft employees Sergey Chernyshev and Daniel Chipiristeanu. Rather than having to aggressively con users (for example: telling them their phone or computer is infected with a virus) the stores allow for a less aggressive but more alluring pitch: free or pirated copies of popular applications.