Android Malware Alert: Boxer Trojan Being Spread as Firefox Browser

Gallery Icon

bill-swift - July 13, 2012

Last June, Mozilla finally launched Firefox 14 for Android. Now cyber criminals are taking advantage of this fact by spreading an SMS Trojan that's being disguised the web browser.

Experts from GFI have identified the malicious element as Trojan.AndroidOS.Boxer.d. It's currently making the rounds on Russia-based websites in various forms. Boxer was previously detected as a Trojan that informed users exactly what it was up to by having them agree to "rules" where they'd be paying a fee to send the SMS messages off to premium numbers.

This sneaky version of Boxer, however, hides its real purpose. Once installed, the malware sends SMS messages off to premium numbers like 2855, 3855 or 8151. Once the messages are sent, the user isn't redirected to the site where the actual app can be downloaded, as what previous Boxer versions did. Instead, it just redirects to

If you think this is a flaw on the part of the malware authors, that's where you're wrong, because they might actually be a few steps ahead of you.

One of our researchers believed that this is probably an effort to make users believe that they have installed a dud app, thus, allowing them to download and install the fake app again, which, in turn, allows Boxer to send the premium SMS message multiple times.

-- Jovi Umawing, security researcher at GFI Labs

Sounds pretty devious, right? Avoid the possibility of getting duped by malware like this by downloading whatever apps you want from legitimate and official sites, like Google Play and the Android Market.

Tagged in: gear ,

Disclaimer: All rights reserved for writing and editorial content. No rights or credit claimed for any images featured on unless stated. If you own rights to any of the images because YOU ARE THE PHOTOGRAPHER and do not wish them to appear here, please contact us info(@) and they will be promptly removed. If you are a representative of the photographer, provide signed documentation in your query that you are acting on that individual's legal copyright holder status.