Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Russia-based criminal mobile malware found

The first mobile malware designed to steal money has been detected, although security experts do not believe the Russian-based, proof-of-concept trojan poses a threat.

But the discovery of RedBrowser.A, the first virus to target mobile devices using Java, could signal the start of an alarming trend.

Not only is RedBrowser the first mobile threat to target mass-market phones - independent of so-called smart phones that use Symbian or Microsoft operating systems - but it also represents the first time cybercrime has served as a motivator, experts said.

"Although this is the first sample we've seen, there are probably other similar programs out there in the wild," Kaspersky Lab said today on the anti-virus vendor's weblog. "It's a sign that virus writers are widening their reach, and no longer only targeting smart phones."

Java application threats have the potential to infect hundreds of millions of devices around the world, McAfee said today in an advisory.

RedBrowser is a Java applet that fakes a mobile web browser that uses Short Message Service (SMS) rather than GPRS/3G to transmit web pages, experts said.

Users allegedly can visit Wireless Application Protocol (WAP) sites, even though they do not have a connection. To get connected, the trojan says it must send an SMS to transfer data.

However, the malware keeps sending the text messages to premium rate numbers – controlled by the hacker – and users are hit with a $5 to $6 charge per message. They only find out about the fees when they get their monthly phone bill, McAfee said.

Kaspersky Lab, which first reported the trojan, said RedBrowser targets subscribers of Beeline, MTS and Megafon, Russia's major mobile carriers.

But every mobile user should take notice.

"Mobile users are recommended to be cautious and not to download or launch unknown programs via the internet," the vendor said.

This is the second report of mobile malware in two days. On Monday, the Mobile Antivirus Researchers Association reported the first-ever malware to cross-infect a desktop PC and a Windows wireless pocket device.

The proof-of-concept, file-destroying trojan, sent to the association anonymously, automatically spreads from a Win32 desktop to a Windows Mobile Pocket PC, the association said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.