On June 26, Mozilla has launched Firefox 14 for devices that run an Android operating system. Cybercriminals turned the event to their advantage and started masquerading an SMS Trojan as the popular web browser.
The malicious element, identified as Trojan.AndroidOS.Boxer.d
, is being advertised on a number of Russian websites and comes in various shapes and sizes, GFI experts inform
Previously seen variants of Boxer informed users of the fact that by accepting a set of “rules” they would be charged for sending SMS messages to premium numbers.
However, this particular version doesn’t give any details regarding its true purpose. Once the rogue application is installed, the malware quietly activates and sends an SMS to numbers such as 2855, 3855 or 8151.
Another difference, compared to older Boxer variants, is that once the SMSs are sent, the victim isn’t redirected to a website from which the legitimate app can be downloaded. Instead, it simply loads google.com.
Researchers believe that this may be a tactic to make users think that the application is defective. They might download and install the fake software again, allowing Boxer to perform its malicious tasks more than once.
The Trojan has been spotted posing as other apps as well, not just Firefox. When Instagram was launched on Google Play, Boxer was advertised as the popular photo sharing program.
Last week we learned that researchers came up with an innovative technology
that identified malicious apps directly on a website based on their behavior. Such mechanisms could be highly useful not only for market owners who want to keep their sites clean, but also for regular users.
However, until such systems become more widely implemented, Android fans are advised to download applications only from trusted sources, such as Google Play.
Also, be sure to check the permissions requested by a piece of software before installing it.