Trojan targets mobiles phones running Java applications

Trojan targets mobiles phones running Java applications

Kaspersky Lab, a leading developer of secure content management solutions that protect against viruses, Trojans, worms, spyware, hacker attacks and spam, has detected a new piece of mobile malware. Trojan-SMS.J2ME.RedBrowser.a is the first malicious program which infects not only smartphones, but any mobile phone capable of running Java (J2ME) applications.

The Trojan spreads in the guise of a program called "RedBrowser", which allegedly enables the user to visit WAP sites without using a WAP connection. According to the Trojan's author, this is made possible by sending and receiving free SMSs. In actual fact, the Trojan only sends SMSs to premium rate numbers. The user is charged $5 - $6 per SMS.

The Trojan is a Java application, a JAR format archive. The file may be called "redbrowser.jar", and is 54482 bytes in size. The Trojan can be downloaded to the victim handset either via the Internet (from a WAP site) or via Bluetooth or a personal computer. The archive contains the following files

  • FS.class - auxiliary file (2719 bytes in size)
  • FW.class - auxiliary file (2664 bytes in size)
  • icon.png - graphics file (3165 bytes in size)
  • logo101.png - graphics file (16829 bytes in size)
  • logo128.pnh - graphics file (27375 bytes in size)
  • M.class - interface file (5339 bytes in size)
  • SM.class - Trojan application which sends SMS messages (1945 bytes in size)

The Trojan can be easily removed from the victim handset using standard utilities already installed on the telephone.

So far, Kaspersky Lab has only received one sample of RedBrowser, which clearly targets subscribers of Beeline, MTS, and Megafon, Russia's major mobile service providers. However, other versions of RedBrowser, or similar programs, may well be circulating on the Internet. RedBrowser is a sign that virus writers are extending their reach, and no longer only targeting smart phones.

Mobile phone users are recommended to be cautious and not to download or launch unknown programs via the Internet.

About Kaspersky Lab

Kaspersky Lab (www.kaspersky.com) develops, produces and distributes secure content management solutions that protect customers from IT threats. Kaspersky Lab's products protect both home users and corporate networks from viruses, spyware, adware, Trojans, worms, hackers and spam. For many years now, the company has waged a battle against malicious programs, and in doing so has gained unique knowledge and skills that have resulted in Kaspersky Lab becoming a technology leader and acknowledged expert in the development of secure content management solutions. Today, Kaspersky Lab's products protect more than 200 million users worldwide and its technology is licensed by leading security vendors globally. To find out more about Kaspersky Lab, visit www.kaspersky.com.

28 Feb 2006