Skip to main content

First J2ME Mobile Phone Trojan Spotted

Russian anti-virus specialist Kaspersky Lab has discovered evidence of the first mobile phone Trojan targeting J2ME (Java 2 Platform, Micro Edition) devices.

The sample Trojan, identified as Redbrowser.A, works on most phones with J2ME support, raising fears that malware writers are expanding the target beyond just Symbian-based smart phones.

Redbrowser.A is a J2ME-based Java Midlet that pretends to be a WAP (Wireless Application Protocol) browser that offers free WAP browsing.

Instead, once a phone is infected, the Trojan sends text messages to premium rate numbers, saddling the victim with exorbitant messaging charges.

The infected user gets charged between $5 and $6 for each text message sent by the Trojan, said Shane Coursen, Kaspersky Lab's senior technical consultant.

In an interview with eWEEK, Coursen said the Trojan, which was not found in the wild, is further proof that the mobile malware threat "is expanding rapidly."

Click here to read more about cell phone viruses.

"We now know that it's not only a threat to smart phones. All these regular phones that support J2ME are vulnerable and can become a major target," Coursen added.

The Redbrowser.A Trojan can be downloaded to the victim handset either via the Internet (from a WAP site) or via Bluetooth or a personal computer, he said.

F-Secure, a Finnish anti-virus vendor, has issued updated virus definitions for the latest threat.

"The fact that Redbrowser claims to send free SMS messages as part of its normal operation, is to fool the user into allowing the application permission to use Java SMS capabilities in phones that require permission from the user before sending SMS messages. This claim of free service is a form of social engineering," said F-Secure researcher Jarno Niemela.

He said the social engineering texts are in Russian, which limits the Trojan only to Russian-speaking countries.

Read more here about the Cabir worm targeting smart phones.

Niemela said the Trojan contains a fixed list of 10 phone numbers to which it will send SMS messages.

After the social engineering texts are shown, Redbrowser.A it will pick one number from the list at random and send a SMS message to that number.

"The message sending function is in an infinite loop, so unless terminated by the user, it will send a constant stream of messages. Each of those message will be changed to the user's account," Niemela said.

A separate blog entry by F-Secure's Mikko Hypponen contains screenshots of Redbrowser infecting a Nokia 6630 cell phone.

"Some old Java viruses like Strangebrew do work on some Java phones, but RedBrowser is the first malware targeting Java phones on purpose," Hypponen said, noting that it is also the first mobile malware that tries to steal money.

"The threat is still very limited; this thing does not spread by itself, and we have no direct reports of anybody being hit by it in Russia [where the first reports were from]," he added.

Hypponen said the Redbrowser Trojan works on many low-end closed phones.

F-Secure has successfully tested it under Nokia 9300 (Communicator, running Symbian Series 80), Nokia 6630 (Symbian S60 smart phone), Nokia 5140i (low-end Series 40 phone).

"We've also heard it works under BlackBerrys with J2ME support. We will be testing it with Nokia 6310i—one of the first phones with Java support," he said.

Check out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.

Comments

Popular posts from this blog

Play against Xbox360 gamer on PC in Vista

Microsoft Corp. co-founder Bill Gates on Tuesday announced a cross-platform gaming service that integrates games played on cell phones, Xbox 360 consoles and the upcoming Windows Vista operating system. The "Live Anywhere" service will be available as part of Windows Vista, Microsoft's next-generation PC operating system. The consumer version is scheduled for release early next year. "It means that you have one online community," Gates said in a news conference. "This platform can really unleash developers to do amazing new things." The system would extend the company's existing Xbox Live service for the Xbox 360 console into millions of Internet-enabled PCs and cellular phones. No pricing information on the new service was announced. In recent months, Microsoft has been pushing a number of online services that it hopes will boost revenue as markets for its traditional software become increasingly saturated. The company expects to make money off s...

Web users to 'patrol' US border

A US state is to enlist web users in its fight against illegal immigration by offering live surveillance footage of the Mexican border on the internet. The plan will allow web users worldwide to watch Texas' border with Mexico and phone the authorities if they spot any apparently illegal crossings. Texas Governor Rick Perry said the cameras would focus on "hot-spots and common routes" used to enter the US. US lawmakers have been debating a divisive new illegal immigration bill. The Senate has approved a law that grants millions of illegal immigrants US citizenship and calls for the creation of a guest-worker programme, while beefing up border security. But in order to come into effect, the plan must be reconciled with tougher anti-immigration measures backed by the House of Representatives, that insist all illegal immigration should be criminalised. The issue has polarised politics and US society. Right-wing groups have protested against illegal immigrants, while ...

US says world safer, despite 11,000 attacks in '05

The U.S. war on terrorism has made the world safer, the State Department's counterterrorism chief said on Friday, despite more than 11,000 terrorist attacks worldwide last year that killed 14,600 people. The U.S. State Department said the numbers, listed in its annual Country Reports on Terrorism released on Friday, were based on a broader definition of terrorism and could not be compared to the 3,129 international attacks listed the previous year. But the new 2005 figures, which showed attacks in Iraq jumped and accounted for about a third of the world's total, may fuel criticism of the Bush administration's assertion that it is winning the fight against terrorism. Asked if the world was safer than the previous year, U.S. State Department Counterterrorism Coordinator Henry Crumpton told a news conference, "I think so. But I think that (if) you look at the ups and downs of this battle, it's going to take us a long time to win this. You can't measure this month ...