The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

First SMS Trojan for Android

Kaspersky Lab Expert
Posted August 10, 15:29  GMT
Tags: Mobile Malware

I think the title of this post speaks for itself. Trojan-SMS.AndroidOS.FakePlayer.a passes itself off as a media player application. If the user chooses to install it, this icon with the name "Movie Player" will appear in the list of applications:

The malware sends SMS messages to two premium rate numbers 3353 and 3354, with each message costing approximately $5. It does this stealthily, without requiring any confirmation from the device owner.

During installation, the user is asked to allow this application to change or delete memory card data, send SMS and read the data about the phone and phone ID. This is a huge red flag - why does a simple media player require permission to send SMS messages? – and anyone who’s paying attention during the installation process will immediately be suspicious.

This flags up an important point: when installing a new program, you really should pay attention to which services the application requests access to. Automatically permitting a new application to access every service it requests means you could end up with malicious or unwanted applications doing all sorts of things without requesting any additional confirmation. And you won’t know anything about it.

Trojan-SMS.AndroidOS.FakePlayer.a is quite a development – yet another popular mobile platform, and one with an ever increasing market share is now being targeted by the bad guys. At the moment, although anyone’s device can be infected, the Trojan only causes losses for Russian users, and as far as we can tell, it’s currently not being spread via Android Marketplace.

In the past, though, we’ve seen plenty of local problems evolve to become global ones. And when we get malware that uses a new infection vector or targets a previously untouched platform, we know that sooner or later, there will be more on the way.


Oldest first
Threaded view

Stefan Tanase

2010 Aug 10, 21:35

Nice find, Denis!



2010 Aug 11, 13:23


Thnx :)


Eric Dorman

2010 Aug 10, 23:21


I thought the Android Security Architecture Model disallows apps from accessing the OS or any underneath phone data?

How can this SMS Trojan be able to access the owners Phone OS data?



2010 Aug 12, 17:09

Re: Question?

When user installs application smartphone the user will beasked to allow this application to send SMS and read data about the phone adn phone ID. If user allows it application gains these privileges


Eric Ross

2010 Aug 13, 00:04

Re: Re: Question?

You should revise this sentence

"It does this stealthily, without requiring any confirmation from the device owner."

Obviously it does require some interaction from the user. This should be a lesson, don't download software that you don't trust!


Monica Boyd

2011 Mar 05, 10:27

Security Tool

I think whenever any tool/utility is asking for some information as mentioned by Denis in this article, we should immediately stop installing that application. I also observed most of the people blindly accept Terms and Conditions without reading them. So it always good that we pay attention while downloading any softwares.
Monica Boyd

If you would like to comment on this article you must first

Bookmark and Share