Auto-dialing malware has migrated from Symbian devices to Android ones, warns NetQin Mobile researchers.
The Trojan has been spotted embedded in over 20 Android applications offered for download on various online forums, including Donkey Jump, Jungle Monkey, Gold Miner, Voice SMS, Drag Racing and others.
Once one of these applications is installed, the Trojan prompts the user to upgrade the app. The “upgrade” installs the Trojan and prompts the user to restart the application, which formally activates the Trojan.
The goal of the Trojan is to steal users’ private information and send it to a remote server, and to dial or send text messages to predetermined numbers, which results in higher monthly bills for the users.
“Meanwhile, the malware also blocks messages from the mobile carrier to prevent users from getting fee consumption updates in time,” explain the researchers. “The malware may also insert messages to the inbox of a mobile device at a designated time.”
In the meantime, F-Secure has also detected a similar trojan targeting Chinese Android users. It poses as an “update for a security vulnerability”, and the link for it is distributed via SMSs made to look like they are coming from a major Chinese telecom.
Among the permissions that the trojan – dubbed AdSMS – asks of the users are full Internet access and sending SMS messages. Once the user agrees, the Trojan installs itself but doesn’t add an icon to the application menu, trying to remain unnoticed.
The good news is that the Trojan is easily spotted if the users goes to the Setttings > Applications > Manage Applications menu – the application is named andiord.system.providers, and it’s also easy to deinstall.
“Once installed, the trojan steals phone details, connects to a remote site to download more files. It also has the capacity to read, write and send SMS messages,” says F-Secure.