Skip to main content

First J2ME Mobile Phone Trojan Spotted

Russian anti-virus specialist Kaspersky Lab has discovered evidence of the first mobile phone Trojan targeting J2ME (Java 2 Platform, Micro Edition) devices.

The sample Trojan, identified as Redbrowser.A, works on most phones with J2ME support, raising fears that malware writers are expanding the target beyond just Symbian-based smart phones.

Redbrowser.A is a J2ME-based Java Midlet that pretends to be a WAP (Wireless Application Protocol) browser that offers free WAP browsing.

Instead, once a phone is infected, the Trojan sends text messages to premium rate numbers, saddling the victim with exorbitant messaging charges.

The infected user gets charged between $5 and $6 for each text message sent by the Trojan, said Shane Coursen, Kaspersky Lab's senior technical consultant.

In an interview with eWEEK, Coursen said the Trojan, which was not found in the wild, is further proof that the mobile malware threat "is expanding rapidly."

Click here to read more about cell phone viruses.

"We now know that it's not only a threat to smart phones. All these regular phones that support J2ME are vulnerable and can become a major target," Coursen added.

The Redbrowser.A Trojan can be downloaded to the victim handset either via the Internet (from a WAP site) or via Bluetooth or a personal computer, he said.

F-Secure, a Finnish anti-virus vendor, has issued updated virus definitions for the latest threat.

"The fact that Redbrowser claims to send free SMS messages as part of its normal operation, is to fool the user into allowing the application permission to use Java SMS capabilities in phones that require permission from the user before sending SMS messages. This claim of free service is a form of social engineering," said F-Secure researcher Jarno Niemela.

He said the social engineering texts are in Russian, which limits the Trojan only to Russian-speaking countries.

Read more here about the Cabir worm targeting smart phones.

Niemela said the Trojan contains a fixed list of 10 phone numbers to which it will send SMS messages.

After the social engineering texts are shown, Redbrowser.A it will pick one number from the list at random and send a SMS message to that number.

"The message sending function is in an infinite loop, so unless terminated by the user, it will send a constant stream of messages. Each of those message will be changed to the user's account," Niemela said.

A separate blog entry by F-Secure's Mikko Hypponen contains screenshots of Redbrowser infecting a Nokia 6630 cell phone.

"Some old Java viruses like Strangebrew do work on some Java phones, but RedBrowser is the first malware targeting Java phones on purpose," Hypponen said, noting that it is also the first mobile malware that tries to steal money.

"The threat is still very limited; this thing does not spread by itself, and we have no direct reports of anybody being hit by it in Russia [where the first reports were from]," he added.

Hypponen said the Redbrowser Trojan works on many low-end closed phones.

F-Secure has successfully tested it under Nokia 9300 (Communicator, running Symbian Series 80), Nokia 6630 (Symbian S60 smart phone), Nokia 5140i (low-end Series 40 phone).

"We've also heard it works under BlackBerrys with J2ME support. We will be testing it with Nokia 6310i—one of the first phones with Java support," he said.

Check out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.

Comments

Post a Comment

Popular posts from this blog

Does light have mass?

The short answer is "no", but it is a qualified "no" because there are odd ways of interpreting the question which could justify the answer "yes". Light is composed of photons so we could ask if the photon has mass. The answer is then definitely "no": The photon is a massless particle. According to theory it has energy and momentum but no mass and this is confirmed by experiment to within strict limits. Even before it was known that light is composed of photons it was known that light carries momentum and will exert a pressure on a surface. This is not evidence that it has mass since momentum can exist without mass. [ For details see the Physics FAQ article What is the mass of the photon? ]. Sometimes people like to say that the photon does have mass because a photon has energy E = hf where h is Planck's constant and f is the frequency of the photon. Energy, they say, is equivalent to mass according to Einstein's famous formula E = m
6 comments
Read more

Play against Xbox360 gamer on PC in Vista

Microsoft Corp. co-founder Bill Gates on Tuesday announced a cross-platform gaming service that integrates games played on cell phones, Xbox 360 consoles and the upcoming Windows Vista operating system. The "Live Anywhere" service will be available as part of Windows Vista, Microsoft's next-generation PC operating system. The consumer version is scheduled for release early next year. "It means that you have one online community," Gates said in a news conference. "This platform can really unleash developers to do amazing new things." The system would extend the company's existing Xbox Live service for the Xbox 360 console into millions of Internet-enabled PCs and cellular phones. No pricing information on the new service was announced. In recent months, Microsoft has been pushing a number of online services that it hopes will boost revenue as markets for its traditional software become increasingly saturated. The company expects to make money off s
9 comments
Read more

Hackers biting Apple

Hackers are increasingly focusing on Apple's Mac OS X, and the number of newly discovered vulnerabilities has surged. Such a switch could mean big implications for Apple's user base, which has traditionally not had to concern itself too much over security. It's been an impressively quiet year so far on the PC virus and worm front, and hackers seem to be focusing their attention elsewhere. One such area is Apple's Mac OS X. Once mostly ignored by malware developers, there appears to be a growing interest in this "alternative" OS. Details Have you noticed the dearth of serious PC virus and worm threats out there lately? Well, it isn't a figment of your imagination -- according to vnunet.com, viruses are no longer the top security threat . While serious attacks are still likely to emerge, the bottom has apparently fallen out of the PC antivirus market -- just as Microsoft begins a big push into the security market. One cause of this drop-off is solidif
6 comments
Read more