Friday, August 13, 2010

Kaspersky discovers first Android trojan

Kaspersky today identified one of the first readily identifiable instances of Android malware in the field. Trojan-SMS.AndroidOS.FakePlayer.a comes disguised as a media player app but secretly sends text messages in the background to destinations that will charge the user, often without permission or notices. The code is believed to be a moneymaking scheme for criminals.
The instance isn't the first instance of rogue code on the platform, but is the first Android-native code. A batch of HTC Magic phones from Vodafone were accidentally given Windows viruses that infected computers when they were attached over USB.

Mobile research group lead Denis Maslennikov warned that the trojan could be the first of a wave as Android's popularity ends up exposing it to attack. "Those selling devices running Android are experiencing the highest growth in sales among smartphone manufacturers," he said. "As a result, we can expect to see a corresponding rise in the amount of malware targeting that platform."

Google has a number of safeguards to protect against malware, such as the need to check a box to allow non-Market apps and notices as to what permissions an app requires to prevent apps from providing misleading functions. The appearance of a hostile app is nonetheless a symbolic setback for Google, as it gives the impression that the freedoms of app sources and what they can do, such as using the SMS functions, are inherently dangerous.

iPhones so far are only known to have encountered viruses and other problems after jailbreaking. By its nature, a jailbreak usually involves getting root access and allowing all unsigned code to run; the process opens holes that have since been exploited. FakePlayer is significant as its attack doesn't require anything that would be automatically be blocked. [via Inquirer]

Source URL:

1 comment: