August 10, 2010

Security Alert: First Android SMS Trojan Found in the Wild

UPDATE:  Lookout has pushed an over-the-air (OTA) update to automatically protect all Lookout Android users from this newly reported Trojan. If you already have Lookout installed, the update will be automatically pushed down to your device. If you don’t have Lookout, go to from your phone to download it now or find Lookout in the Android Market.


Today, Kaspersky Labs reported the first SMS Trojan that infects Android smartphones.

The Threat: The Trojan is hidden inside an application called “Movie Player.” Users are prompted to install an application that looks like a media player of just over 13KB to their phone from a website.  Take note that the app does list “Services that cost you money (send SMS messages)” as one of the required permissions prior to installation.

How it Works: Once installed, the Trojan proceeds to send SMS messages to premium-rate numbers charging several dollars per message without the owner’s knowledge or consent.

Phones it Affects: So far this has only affected Android smartphone users in Russia and only works on Russian networks. As far as we know, there is no indication that this app is in the Android Market.

How to tell if you’re affected:

  • Review your phone bill for any premium SMS messages you did not send
  • If you have recently downloaded a media player, check the permissions to ensure it does not have the ability to send SMS messages. (Go to Settings, Applications, Manage Applications)

Lookout is tracking this threat and we will have an update out to our users shortly. In the meantime, we recommend the following:

How to Stay Safe:

  • Only download applications from trusted sources. Remember to look at reviews and star ratings.
  • Always check the permissions an app is requesting when downloading apps. Use common sense to ensure that the permissions match the type of app you are downloading.
  • Download a mobile security app for your phone that scans every app you download. We’re partial to Lookout.

As we’ve previously noted, with the discovery of this new Android Trojan, it is more important than ever to pay attention to what you’re downloading. This Movie Player app directly lists permissions to access “Services that cost you money” before you install. Stay alert to ensure that you trust every app you download and stay tuned for more details on this threat.

  1. Alan Goode says:

    What was the source of the app if it wasnt through Android Market and any indication as to how many phones were infected?

    • tim says:

      @Alan: The Trojan was reportedly available for manual download on a Russian web site. To acquire it, one would have to have manually clicked a link and had side-loading of non-Market apps enabled. There is no indication it was widely downloaded.

  2. Max says:

    Yikes! Still waiting on the OTA, but for now I just ran the virus scan on my Lookout on my Nexus One (Froyo). 180 applications checked and 0 viruses (or malware like this, I would assume) found.

    Any idea on how long it will be before the OTA?

  3. jenny says:

    @Max: Thanks for writing in. We have already pushed the OTA update to all Lookout users. Make sure you have the latest version of Lookout downloaded and you should be all set. If you have any problems, feel free to email us at

  4. free loans says:

    Cool, I read blogs on a similar topic, but i never visited your blog. I added it to favorites and …

  5. Good jobs published, thanks.

Leave a comment