Russian phone Trojan tries to ring up charges
Malicious software can infect any cell phone that can run Java applications, not just more-advanced smart phones.
The Trojan horse was first spotted by Moscow-based Kaspersky Lab, which calls it RedBrowser. The malicious code poses as an application that promises people the ability to visit mobile Internet sites using text messages instead of an actual Net connection, Kaspersky said in a statement Tuesday.
Instead, the Trojan sends messages to certain premium rate numbers that charge between $5 and $6 per message, Kaspersky said. That could drive up the text message bill for mobile phone users in Russia on the Beeline, MTS and Megafon networks.
So far, Kaspersky has received only one sample of RedBrowser. It is a proof-of-concept Trojan and has not actually infected any handsets in the wild.
"However, other versions of RedBrowser, or similar programs, may well be circulating on the Internet," Kaspersky said. "RedBrowser is a sign that virus writers are extending their reach and no longer only targeting smart phones."
Other experts agreed, pointing out that previous cell phone pests targeted mostly smart phones.
"The (RedBrowser) threat itself is low risk and very specific to the Russian market, but it is an important proof of concept in the mobile space," a McAfee representative said in a statement. "It is the first threat aimed at feature phones using Java and therefore independent of either the Symbian or Microsoft operating systems for mobile phones."
The Trojan is a Java application, a JAR format archive. The file, called "redbrowser.jar", can be downloaded to the handset from the Internet, via Bluetooth or a PC link, Kaspersky said. The file can easily be removed from a phone using the standard application removal utilities.
Mobile phone users should be careful not to download or launch unknown programs, antivirus companies suggested.