Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

New variants of premium rate SMS trojan 'RuFraud' detected in the wild

By Dancho Danchev | January 20, 2012, 12:07pm PST

Summary: Researchers from AegisLab, have intercepted several new variants of the infamous RuFraud premium rate SMS trojan.

Researchers from AegisLab, have intercepted several new variants of the infamous RuFraud premium rate SMS trojan.

How the infection takes place:

In order to earn money from the premium-rate SMS, the trojan will fake itself as a famous app, like Angry Birds; or downloader/installer of well-known softwares, it looks like ‘real thing’. Some of these kinds of apps appear on the third-party download sites, and some will repackage itself, post to the official Android Marketplace, and try to lure innocent people to install it.

The malicious attackers have bundled the premium rate SMS trojan into a fake copy of the popular app Angry Birds. Upon execution, the trojan seems permissions to sent SMS messages. Once the user confirms that the application is free to do so, the trojan will start sending premium rate SMS messages to multiple numbers outlined in AegisLab’s post.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Researchers spot scammers using fake browser plug-ins

Research: Spammers actively harvesting emails from Twitter in real-time

Topics

Researcher, Variant, Trojan Horse, SMS, Text Messaging/SMS/MMS, Spyware, Spyware, Adware & Malware, Telephony, Cellular Phones, Viruses And Worms, Consumer Electronics, Personal Technology, Online Communications, Security, Networking, Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Full Bio
Disclosure
Contact

Vendor HotSpot

The 360° Conversation around Cloud Computing

TECH VISUALIZER brings the social conversation to life... powered by Brocade

Learn More »

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?

Using SMS Remote Administrator Console on a Windows 7 workstation

Ask a Question Start a Discussion

Comments

Add Your Opinion

Join the conversation!

Follow via:: RSS; Email Alert

Just In

RE: New variants of premium rate SMS trojan 'RuFraud' detected in the wild

Stephen-B Updated - 23rd Jan

@tonymcs@... your only safe bet is to use WP 7 phones, as they are te only ones safe from this virus.

View in thread

Please Select
Please Select

0 Votes

+ -

RE: New variants of premium rate SMS trojan 'RuFraud' detected in the wild

Return_of_the_jedi 21st Jan

"Once the user confirms..." UAC ?

Reply
Flag

0 Votes

+ -

RE: New variants of premium rate SMS trojan 'RuFraud' detected in the wild

Stephen-B 21st Jan

Good thing WP7 protects the users from things like this. Crapple, and Gagged, crap OSs will allow this to harm users due to those OSs having crap for security, while WP 7 has much better security.

Reply
Flagged

0 Votes

+ -

RE: New variants of premium rate SMS trojan 'RuFraud' detected in the wild

radleym 21st Jan

@Stephen-B Still trying to pass yourself off as a security expert, eh sonny?
'Fraid not, as usual.

Reply
Flagged

0 Votes

+ -

RE: New variants of premium rate SMS trojan 'RuFraud' detected in the wild

Stephen-B 21st Jan

@radleym you're still a troll. Why haven't you been banned?. You do not add anything constructive, just thr typical ABM rants an insults. Are you that jerk RickK?

0 Votes

+ -

ANDROID, ANDROID TROJAN, THIS IS ANDROID

tonymcs@... Updated - 22nd Jan

Just compensating for leaving Android out of the title.

Funny how WP7 and Apple always get mentioned if there are problems, but in this case, they don't have to worry, do they?