Honeymoon’s over, everyone: antiviral watchdog Kaspersky has spotted Android’s first, SMS-based trojan making the rounds in Russia. The devious little MS.AndroidOS.FakePlayer.a masks itself as a media player before invisibly shooting out expensive texts to premium numbers, earning cash for fraudsters.
Isolated instances of Android spyware were reported last year, but this infection marks the first significant sighting of malware on the platform. Kaspersky urges that “users pay close attention to the services that an application requests access to when it is being installed. That includes access to premium rate services that charge to send SMSs and make calls.”
UPDATE: We’ve received Google’s side of the story from a spokesperson there, who says:
“Our application permissions model protects against this type of threat. When installing an application, users see a screen that explains clearly what information and system resources the application has permission to access, such as a user’s phone number or sending an SMS. Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time. We consistently advise users to only install apps they trust. In particular, users should exercise caution when installing applications outside of Android Market.”
So, the trojan app’s fraudulent features must be consented to in some sense, though their malicious intent can’t be discerned from permissions requests alone. If it looks fishy that a media player would need SMS functionality, then maybe it is. Still, this ushers in new level of necessary caution when downloading Android apps. [Kaspersky Lab via The Register]