Android Monitor Really a Trojan

Monday, November 28, 2011 @ 04:11 PM gHale

Smartphone apps may be useful, but they also may be a horror.

One app can seemingly monitor and manage SMSs, calls and Internet traffic on an Android smartphone, but it is really a malicious Trojan that can start sending messages to premium-rate numbers.

The application targets users from Belgium, France, Switzerland, Luxembourg, Germany, Spain and Canada, said researchers at Kaspersky Lab.


On closer inspection, the app hosted on the web as SuiConFo was hiding an SMS Trojan identified as Trojan-SMS.AndroidOS.Foncy, which sends four short messages to premium-rate numbers.

To make the piece of software look as legitimate as possible, its creators made sure that an icon would appear in the phone’s menu, but once it launches, an error pops up saying the Android version is not compatible.

Right after the error shows up, the Trojan will use two public methods in order to determine the ISO country code of the SIM card. Based on this country code, it will send the four SMSs to one of the eight locations.

This malware will not only send short messages, but it will also hide incoming SMSs from certain numbers. This action makes sure the victim does not see the reply messages received from the premium numbers.

Also, its creators want to make sure they are aware at all times of the number of victims, so the virus can send alerts to a French cell phone number, based on the replies sent by the premium numbers.

Because these SMS Trojans can generate a considerable income for their masters, it’s very likely these malicious operations will extend to affect citizens of other countries, especially since Android phones are so popular.
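
A defender-side illustration of the behavior described above, added here and not taken from Kaspersky Lab or the original article: a static triage of a decoded AndroidManifest.xml that flags an app able both to send SMS and to intercept incoming SMS ahead of the default messaging app. It assumes the hiding is done with a raised-priority receiver for the SMS_RECEIVED broadcast, which the article does not specify; the sample manifest and the package name com.example.monitor are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample: decoded manifest of a hypothetical "monitor" app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.monitor">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <activity android:name=".Main"/>
    <receiver android:name=".SmsIn">
      <intent-filter android:priority="1000">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return findings (in check order) for SMS-Trojan-like manifest traits."""
    root = ET.fromstring(xml_text.strip())
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    findings = []
    if "android.permission.SEND_SMS" in perms:
        findings.append("can-send-sms")
    if "android.permission.RECEIVE_SMS" in perms:
        findings.append("can-receive-sms")
    for flt in root.iter("intent-filter"):
        actions = {a.get(ANDROID + "name") for a in flt.iter("action")}
        if SMS_RECEIVED not in actions:
            continue
        try:
            priority = int(flt.get(ANDROID + "priority", "0"))
        except ValueError:
            priority = 0  # malformed value: treat as the default priority
        # A raised priority lets the receiver see the ordered broadcast first.
        if priority > 0:
            findings.append("sms-receiver-raised-priority")
    return findings

def is_suspicious(xml_text):
    """Flag apps that can send SMS and pre-empt the delivery of incoming SMS."""
    needed = {"can-send-sms", "sms-receiver-raised-priority"}
    return needed <= set(triage_manifest(xml_text))
```

A hit is a reason to inspect the app further, not a verdict: legitimate messaging apps can show the same combination.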
