<<<
Monday, December 12, 2011
>>>
 
Premium Rate SMS Trojans in Google's Android Market Posted by Sean @ 15:33 GMT

Premium rate SMS trojans were discovered in Google's Android Market earlier today.

The developer, named "Logastrod", offered supposed free versions of many popular applications. And while Google has shut down the official market account, sites such as AppBrain still list the downloads.

http://www.appbrain.com/search?q=logastrod

Based on AppBrain's numbers, Lagostrod's apps were downloaded numerous times.

But that isn't the end of the story, the trojans are still live.

Avast's Jindrich Kubec sent a tweet towards Mikko with the developer's current name of "Miriada Production".

Miriada Production's Android Market account is currently online:

Miriada Production

There could be several such accounts in Android Market, turning Google's security efforts into a game of Whac-A-Mole.

If installed, the trojans will attempt to send a premium rate SMS using short codes.

Here's a screenshot from the fake World of Goo:

RuleActivity.class

In the past, all of the premium rate SMS trojans that we've actively encountered have targeted Russia.

These trojans are targeting 18 countries.

The list includes the following ISO country codes: am, Armenia; az, Azerbaijan; by, Belarus; cz, Czech Republic; de, Germany; ee, Estonia; fr, France; gb, United Kingdom; ge, Georgia; il, Israel; kg, Kyrgyzstan; kz, Kazakhstan; lt, Lithuania; lv, Latvia; pl, Poland; ru, Russian Federation; tj, Tajikistan; ua, Ukraine.

So how is the developer attempting to justify their apps?

Well… it's in the fine print. Included within the app's installation agreement is language that says the "customer" will be subscribed to a premium service, and then the app, which is basically a wrapper, will then download the "free" game.

The cost to Germany is 1.99, and the cost to France is 4.50 (ouch).

Caveat emptor.

Updated to add: Miriada Production's account is no longer online.

Updated to add: Corrected .lt and .ua ISO codes.






<<< Trade Fair... For Trojans
|
Patch For the Zero-Day Vulnerability Used by Duqu >>>