The Threat: In August we covered the SMS Trojan and now a variant of this Trojan has surfaced. The variant is reportedly using SEO techniques to achieve prominent placement in search results for Russian web sites. Like its predecessor, this Trojan masquerades as a media player, being distributed as “pornoplayer.apk.”
How it Works: The new malware is being distributed on adult-oriented Russian websites that prompt Android users to download the pornplayer.apk application from an infected webpage in order to view the adult videos. If a user chooses to install the application, it requests permission from the user to send SMS messages. Once the application is launched, the Trojan sends several SMS messages to premium rate numbers. The charges equate to roughtly $6 USD.
Phones it Affects: While the Trojan can be installed on any Android device, the short codes that it uses are only valid on Russian and surrounding regional networks.
How to tell if you’re affected:
- Review your phone bill for any premium SMS messages you did not send
- If you have recently downloaded a media player, check the permissions to ensure it does not have the ability to send SMS messages. (Go to Settings, Applications, Manage Applications)
How to Stay Safe:
- Only download applications from trusted sources. Remember to look at reviews and star ratings.
- Always check the permissions an app is requesting when downloading apps. Use common sense to ensure that the permissions match the type of app you are downloading.
- Download a mobile security app for your phone that scans every app you download. We’re partial to Lookout and Lookout protects against this threat.
As we’ve previously noted, with the discovery of these new Android Trojans, it is more important than ever to pay attention to what you’re downloading. This Movie Player app directly lists permissions to access “Services that cost you money” before you install. Stay alert to ensure that you trust every app you download and stay tuned for more details on this threat.