The fraudulent apps would install a premium rate SMS Trojan that would rack up hidden charges on the user’s phone bill. The apps would lure customers into clicking on options that would send text messages to premium line numbers leaving the user to foot the bill. According to Lookout Mobile Security, the new threat called RuFraud has been found in an initial batch of apps on the Android Market that include horoscope apps, wallpapers, and game apps that pretend to be legitimate games like Angry Birds.What will happens if these threats are installed in your mobile devices? It will attempts to send text messages containing the string “798657” to premium-rate numbers using the infected device’s current default SMS Center (SMSC) by exploiting the Permissions function (android.permission.SEND_SMS), Capable of sending an affected user’s GPS location via HTTP POST, Opens several ports and connects to specific URLs to receive and execute commands from a remote user, Gathers information like International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI) numbers from infected systems, which is then sent to a specific site and Secretly forwards all incoming text messages to a remote user.
- ANDROIDOS_DROIDSMS.A: Came disguised as Windows Media Player.
- ANDROIDOS_DROISNAKE.A: Came in the form of a game known as Tap Snake.
- ANDROIDOS_GEINIMI.A: Came in the form of Trojanized apps hosted in certain third-party app stores in China.
- ANDROIDOS_ADRD.A: Comes in the form of a Trojanized wallpaper app.
- ANDROIDOS_LOTOOR.A: Trend Micro’s detection for Trojanized versions of legitimate apps like “Falling Down”.
- ANDROIDOS_BGSERV.A: Trojanized version of Android Market Security Tool, which was released to address the modifications done by AndroidOS_LOTOOR.A.