bill-swift - July 13, 2012
Last June, Mozilla finally launched Firefox 14 for Android. Now cyber criminals are taking advantage of this fact by spreading an SMS Trojan that's being disguised the web browser.
Experts from GFI have identified the malicious element as Trojan.AndroidOS.Boxer.d. It's currently making the rounds on Russia-based websites in various forms. Boxer was previously detected as a Trojan that informed users exactly what it was up to by having them agree to "rules" where they'd be paying a fee to send the SMS messages off to premium numbers.
This sneaky version of Boxer, however, hides its real purpose. Once installed, the malware sends SMS messages off to premium numbers like 2855, 3855 or 8151. Once the messages are sent, the user isn't redirected to the site where the actual app can be downloaded, as what previous Boxer versions did. Instead, it just redirects to Google.com.
If you think this is a flaw on the part of the malware authors, that's where you're wrong, because they might actually be a few steps ahead of you.
One of our researchers believed that this is probably an effort to make users believe that they have installed a dud app, thus, allowing them to download and install the fake app again, which, in turn, allows Boxer to send the premium SMS message multiple times.
-- Jovi Umawing, security researcher at GFI Labs
Sounds pretty devious, right? Avoid the possibility of getting duped by malware like this by downloading whatever apps you want from legitimate and official sites, like Google Play and the Android Market.