Home / malwarePDF  

Trojan:Java/SMSer.T


First posted on 13 October 2011.
Source: SecurityHome

Aliases :

There are no other names known for Trojan:Java/SMSer.T.

Explanation :

Trojan:Java/SMSer.T is a trojan that affects mobile devices with Java Platform, Micro Edition supported using the application name 'CanvasFormMIDlet MIDlet Suite'.


Top

Trojan:Java/SMSer.T is a trojan that affects mobile devices with Java Platform, Micro Edition supported using the application name 'CanvasFormMIDlet MIDlet Suite'.

Trojan:Java/SMSer.T arrives as .JAR file installer named 'photo.jar'.

Once installed, it will display the following text in Russian:

"Почти гоÑ‚ово..."

"Ссылка на дистрибутив пÑ€иложения пÑ€идеÑ‚ в оÑ‚веÑ‚ном SMS в Ñ‚ечение 5 минут. ПеÑ€ейдиÑ‚е по полученной ссылке и скачайÑ‚е пÑ€иложение."

Which translates to:

"Almost ready... "

"a reference to the application distribution package will come [via] SMS within 5 minutes. Click on the link provided and download the application."

If the user clicks on the link, the trojan will appear to download a package, when in fact this is executing the trojan's payload and initiates the sending of SMS's to a premium number.

When it runs in the background, it sends SMS messages without the user's consent. The SMS it sends to the Russian premium SMS short code number 3602 contains the string "503448915" which may charge the user without their knowledge.



Analysis by Marianne Mallen

Last update 13 October 2011

 

TOP