An Android Trojan that disguises itself as a porn video app is running up massive bills for users in the USA and 50 other countries.
The malware, called "Trojan-SMS.AndroidOS.FakeInst.ef", sends SMS messages to premium-rate numbers. Detected in February 2013, it has expanded globally over the past year, according to Kaspersky Lab, a Russian computer security company based in Moscow. The malware was originally designed to operate in Russia.
Kaspersky said the Trojan disguises itself as an application for watching porn videos. Once installed on a smartphone or another digital device, the malware downloads an encrypted configuration file and starts sending SMS messages to predefined premium-rate numbers depending on the user's mobile country code.
The malware sends three messages that cost $2 each to 97605 when it encounters mobile country codes in the range of 311 to 316. It can also intercept incoming messages and can receive commands from command-and-control servers to send specific text messages to particular phone numbers.
Kaspersky has identified 14 different versions of the malware and determined that the malware has spread to 66 countries.
"This particular program was the first SMS Trojan to reach users in the U.S.," said Roman Unuchek, senior malware analyst at Kaspersky Lab.
The largest number of infections is in Russia and Canada. The number of the malware's victims in the US remains low.
Security analysts believe this malware and another widespread Trojan, called Trojan-SMS.AndroidOS.Stealer.a, suggest a global escalation of this type of threat.
Kaspersky researchers did not clarify how the rogue apps that carry this Trojan are being distributed. They believe the apps are probably not downloaded from Google Play since Google has gotten much better at policing its app store.
This leads researchers to surmise that Android users are probably affected after specifically configuring their phones to allow the installation of apps from unknown sources.