Anti-virus company McAfee has identified a mobile proof-of-concept Trojan, known as RedBrowser.A, in Russia. The Java applet pretends to be a mobile Web browser that uses SMS rather than GPRS or 3G to transmit Web pages.
Users are asked to download, install and then activate the application, which will then automatically send a number of SMS messages to premium-rate numbers in Russia, incurring a charge for the user for each message (typically three to five euros per message).
The user will not be aware of this until they receive their phone bill at the end of the month, says McAfee.
'First of its type`
"This is the first such proof-of-concept of its type," says Justin Stanford, CEO of anti-virus firm Eset Southern Africa, producer of the NOD32 anti-virus system.
RedBrowser is the first mobile malware designed to steal money, reported techspot.com yesterday.
"The design is smart in that it can target large numbers of 'dumb` phones (versus smart phones) regardless of their brand, model or software, although from what I can tell, the phone will need to be no more than a few years old," Stanford adds.
Generating awareness
Stanford notes that it must be made clear that the Trojan is a proof-of-concept. "It`s something that`s been developed in a controlled lab environment in order to demonstrate the potential, and it`s not an actual threat currently circulating - though it does generate key awareness."
If RedBrowser became an 'in-the-wild` virus, Stanford believes South Africans would be at risk because many people are in a two-year contract upgrade cycle, and will have phones new enough to run the Java application.
"In almost every case, end-user intervention is required for malware of this type to function; for instance, the user will be asked to approve of its actions," he says.
Share
