Skip to content

Export page to PDF
JAVA_SMSSEND.AB
Aliases: Trojan.Java.Smssend.X (FSecure), Java/SMSer.L (Authentium)
Malware type: Trojan
Destructive: No
Platform: Java mobile
Encrypted: Yes
In the wild: Yes

Overview


Infection Channel: Downloaded from the Internet

This Trojan poses as an installer of Skype for the Android platform.

It abuses premium service numbers.

Technical Details


File size: 30,073 bytes
File type: JAR
Initial samples received date: 30 Jun 2012

Arrival Details

This Trojan may be unknowingly downloaded by a user while visiting the following malicious websites:

  • http://{BLOCKED}roidl.ru/
  • http://{BLOCKED}mobile.net/midlets/12848_{random number}/skype52_installer.jar

NOTES:

This Trojan is a Java MIDlet that poses as an installer of Skype for the Android platform.

Upon execution, it displays the following user interface:

Pressing the left soft key of the mobile phone displays the following:

Pressing the right soft key redirects the phone's browser to the URL http://{BLOCKED}1.net/?u=1l4zi3m938o80vl.

It may send an SMS message to any of the following numbers, which in turn charges affected users according to the respective number's rate:

  • 1
  • 1151
  • 1161
  • 2855
  • 5373
  • 5537
  • 7099
  • 7151
  • 7204
  • 7250
  • 8887
  • 8926
  • 9151
  • 9685

The SMS message it sends contains the following text:

e@1b07961, e@f1036f, e@1187f5b

Solution


Minimum scan engine: 9.200
First VSAPI Pattern File: 9.224.06
First VSAPI Pattern Release Date: 30 Jun 2012
VSAPI OPR Pattern Version: 9.225.00
VSAPI OPR Pattern Release Date: 30 Jun 2012

Scan your computer with your Trend Micro product to delete files detected as JAVA_SMSSEND.AB. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.

NOTES:
To delete the malware in your mobile device manually, select the malware file and delete it according to the device's specifications.


Did this description help? Tell us how we did.
Analysis By: Christopher Daniel So

Connect with us on