Android Gets its First Trojan

Ryan Whitwam

Android has had a few security scares during its meteoric rise to greatness, but this is the first time a software package could accurately be described as a malicious trojan . The malware, called Trojan-SMS.AndroidOS.FakePlayer, appears to be a standard Android application with the .APK file extension. Upon installing, the app will begin sending out SMS messages to premium numbers. This racks up huge charges on customer bills. It could be a big payday for the criminal elements behind this trojan.

This application is not available through the Android Market, it is obtained from outside sources and must be side-loaded onto the phone. This has kept its spread limited to Russia so far. Even if international users were infected, they could not be charged by the premium number being used. In response to the issue Google said in a statement, "Users must explicitly approve this access in order to continue with the installation. We consistently advise users to only install apps they trust. In particular, users should exercise caution when installing applications outside of Android Market."

Is this the beginning of a trend? If this proves to be just the first volley in a campaign to target Android with malware, we might be running mobile security apps out of necessity rather than paranoia.

Around the web