July 26, 2014

Analysis of the Android Trojan

Jon Oberheide, the security expert who managed to get his hands on the first trojan for Android, has published an analysis of the code that gives us a better idea of the risk.

The APK clearly states that the application is requesting permissions to send SMS:

Permissions Requested: android.permission.SEND_SMS

This is a good reminder that you should be mindful of the list of permissions when you are installing an application. In this case, if you are installing a movie player, it should not need to send SMS messages. A few things are clear from this analysis:

  • It seems to be amateur work, created for the sole purpose of generating traffic to a premium number.
  • Unless you are on a Russian network, it is unlikely that your provider will let you send an SMS to this number.
  • The app is not capable of spreading itself from phone to phone; it can only be installed by the user.

Again, not a whole lot to it. Since these are Russian SMS short codes, any non-Russian phones probably won’t be able to SMS that premium shortcode and therefore won’t incur the toll charges. It’s important to note that the application has no viral spreading capabilities nor command and control functionality. It simply relies on users being tricked into downloading, installing, and running the fake movie player application.

To conclude, there is nothing to be scared of. It is certain that as Android becomes more popular it will be a target for more dangerous applications, but if you take basic precautions like making sure to get your applications from reliable sources and reading the list of permissions during the installation process, you, and your phone, will be safe.
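The permission check described above can also be done before installing, by comparing what an app declares against what its category plausibly needs. The following is an added example, not code from Oberheide's analysis: the category table, the function names and the sample manifest are assumptions, and the manifest is assumed to have been decoded to text XML already (inside an APK it is stored in binary form).

```python
import xml.etree.ElementTree as ET

# Attribute namespace used by AndroidManifest.xml
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: a reviewer-chosen table of permissions that can cost money or
# expose private data, mapped to the app categories where they are plausible.
SENSITIVE = {
    "android.permission.SEND_SMS": {"messaging"},
    "android.permission.CALL_PHONE": {"dialer", "messaging"},
    "android.permission.READ_CONTACTS": {"dialer", "messaging", "social"},
}

# Constructed sample: text-form manifest for a hypothetical movie player.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.movieplayer">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <application android:label="Movie Player"/>
</manifest>
"""


def declared_permissions(manifest_xml):
    """Return the sorted, de-duplicated permissions a manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for element in root.iter("uses-permission"):
        name = element.get(ANDROID_NS + "name")
        if name:  # skip entries without an android:name attribute
            names.add(name)
    return sorted(names)


def unexpected_permissions(manifest_xml, category):
    """Return sensitive permissions that do not fit the stated app category."""
    return [
        perm
        for perm in declared_permissions(manifest_xml)
        if perm in SENSITIVE and category not in SENSITIVE[perm]
    ]


if __name__ == "__main__":
    for perm in unexpected_permissions(SAMPLE_MANIFEST, "media_player"):
        print("Unexpected for a media player:", perm)
```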