Threat Description

Trojan:Java/Redbrowser.A

Details

Aliases: Trojan:Java/Redbrowser.A, Trojan-SMS.J2ME.RedBrowser.a
Category: Malware
Type: Trojan
Platform: Java

Summary



A trojan, also known as a trojan horse program, is a deceptive program that performs additional actions without the user's knowledge or permission. It does not replicate.



Removal



F-Secure Mobile Anti-Virus is capable of detecting and deleting the Redbrowser.A trojan. It is also possible to remove the Redbrowser.A trojan by uninstalling it with the Symbian application manager.



Technical Details



Redbrowser.A is a J2ME-based Java MIDlet that sends SMS messages to a specific number. Redbrowser pretends to be a WAP browser that offers free WAP browsing by using free SMS messages to deliver the WAP page contents, but what it actually does is send SMS messages to one specific number, which may cause financial losses to the user.

Redbrowser claims to send free SMS messages in order to fool the user into granting the application permission to use the Java SMS capabilities on phones that require user permission before sending SMS messages. This claim of free service is a form of social engineering. The social engineering texts used in Redbrowser.A are in Russian, which limits the trojan to Russian-speaking countries.

Propagation (SMS)

Redbrowser.A contains a fixed phone number to which it will send SMS messages. After Redbrowser.A has shown the social engineering texts, it will send an SMS message to that number.

The message sending function of Redbrowser.A is in an infinite loop, so unless terminated by the user it will send a constant stream of messages. Each of those messages will be charged to the user's account.

First, Redbrowser.A tells the user that its web browser uses SMS messages instead of a GPRS connection.

In the next step it asks the user to select an operator (service provider) to be used for browsing.

After that the user has options to either pass or exit. (See below.)

If the user chooses the pass option, Redbrowser.A will start a continuous flood of SMS messages. Each message requires the user's approval.
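A static triage check for the behaviour described above, as an added example that is not F-Secure's detection logic. It assumes the MIDlet sends SMS through the standard J2ME Wireless Messaging API (javax.wireless.messaging, sms:// destinations), which the page does not state; triage_midlet, build_sample_jar and the sample number are constructed for illustration.

```python
import io
import re
import zipfile

# Assumption (not stated on the page): the MIDlet sends SMS through the standard
# J2ME Wireless Messaging API (JSR 120): classes under javax.wireless.messaging,
# destinations written as "sms://<number>" URLs.
WMA_PACKAGE = b"javax/wireless/messaging"       # package as stored in a class file
SMS_URL = re.compile(rb"sms://\+?[0-9]{3,15}")  # hard-coded SMS destination


def triage_midlet(jar_bytes):
    """Report SMS-sending indicators found in a MIDlet JAR (hypothetical helper)."""
    report = {"is_midlet": False, "uses_wma": [], "hardcoded_sms": {}}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            data = jar.read(name)
            if name.upper() == "META-INF/MANIFEST.MF":
                # A MIDlet suite manifest declares at least a MIDlet-1 attribute.
                report["is_midlet"] = b"MIDlet-1:" in data
            elif name.endswith(".class"):
                if WMA_PACKAGE in data:
                    report["uses_wma"].append(name)
                numbers = sorted({m.decode() for m in SMS_URL.findall(data)})
                if numbers:
                    report["hardcoded_sms"][name] = numbers
    # A "browser" that can send SMS to a number fixed at build time deserves review.
    report["suspicious"] = bool(
        report["is_midlet"] and report["uses_wma"] and report["hardcoded_sms"])
    return report


def build_sample_jar(with_sms=True):
    """Constructed sample: a JAR whose 'class' holds only the strings of interest."""
    strings = [b"\xca\xfe\xba\xbe", b"Browser"]
    if with_sms:
        # 5550100 is a made-up number, not the one used by Redbrowser.A.
        strings += [b"javax/wireless/messaging/MessageConnection", b"sms://5550100"]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr("META-INF/MANIFEST.MF", "MIDlet-1: Browser, , Browser\n")
        jar.writestr("Browser.class", b"\x00".join(strings))
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_midlet(build_sample_jar()))
```

Plain string matching misses obfuscated or runtime-built destinations, so a clean report does not show that a MIDlet is harmless.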





