Browser Update: Advantage Bad Guys

Monday, July 9, 2012 @ 02:07 PM gHale


Mozilla launched Firefox 14 late last month for devices that run an Android operating system, and always trying to stay one step ahead, cyber criminals turned the event to their advantage.

The would-be attackers masqueraded an SMS Trojan as the popular web browser.

RELATED STORIES
Privacy Issues with Firefox Tabs
Flash Update Fixes Firefox Crashes
Flash Patch Hits Firefox 13
Adobe Patches Flash Bugs

The malicious element, identified as Trojan.AndroidOS.Boxer.d, is going out over a number of Russian websites and comes in various shapes and sizes, GFI researchers said.

Previously seen variants of Boxer informed users by accepting a set of “rules” they would end up charged for sending SMS messages to premium numbers.

However, this particular version doesn’t give any details regarding its true purpose. Once the rogue application installs, the malware quietly activates and sends an SMS to numbers such as 2855, 3855 or 8151.

Another difference, compared to older Boxer variants, is once the SMSs go out, the victim isn’t redirected to a website from where you can download the legitimate app. Instead, it simply loads google.com.

Researchers believe this may be a tactic to make users think the application is defective. They might download and install the fake software again, allowing Boxer to perform its malicious tasks more than once.

The Trojan posed as other apps as well. When Instagram launched on Google Play, Boxer ended up advertised as the popular photo sharing program.

Last week researchers came up with a technology that identified malicious apps directly on a website based on their behavior. Such mechanisms could be highly useful not only for market owners who want to keep their sites clean, but also for regular users.

However, until such systems become more widely implemented, Android fans are advised to download applications only from trusted sources, such as Google Play.



Leave a Reply

You must be logged in to post a comment.