RedBrowser sends SMS to premium rate numbers

Kaspersky Lab, a leading developer of secure content management solutions, has detected a new piece of mobile malware. Trojan-SMS.J2ME.RedBrowser.a is the first malicious program which infects not only smartphones, but any mobile phone capable of running Java (J2ME) applications.

The Trojan spreads in the guise of a program called “RedBrowser”, which allegedly enables the user to visit WAP sites without using a WAP connection. According to the Trojan’s author, this is made possible by sending and receiving free SMSs. In actual fact, the Trojan only sends SMSs to premium rate numbers. The user is charged $5 – $6 per SMS.

The Trojan is a Java application, a JAR format archive. The file may be called “redbrowser.jar”, and is 54482 bytes in size. The Trojan can be downloaded to the victim handset either via the Internet (from a WAP site) or via Bluetooth or a personal computer. The archive contains the following files:

FS.class – auxiliary file (2719 bytes in size)
FW.class – auxiliary file (2664 bytes in size)
icon.png – graphics file (3165 bytes in size)
logo101.png – graphics file (16829 bytes in size)
logo128.pnh – graphics file (27375 bytes in size)
M.class – interface file (5339 bytes in size)
SM.class – Trojan application which sends SMS messages (1945 bytes in size)

The Trojan can be easily removed from the victim handset using standard utilities already installed on the telephone.

So far, Kaspersky Lab has only received one sample of RedBrowser, which clearly targets subscribers of Beeline, MTS, and Megafon, Russia’s major mobile service providers. However, other versions of RedBrowser, or similar programs, may well be circulating on the Internet. RedBrowser is a sign that virus writers are extending their reach, and no longer only targeting smart phones.

Mobile phone users are recommended to be cautious and not to download or launch unknown programs via the Internet.

Don't miss