New Android SMS Trojan Variant Distributed Through BHSEO

A new variant of the SMS trojan for Android-based devices is being distributed through poisoned search results as an adult content video player.

Early last month Kaspersky Lab discovered a trojan packaged as an .APK application for the Android smartphone operating system, which sent SMS messages to premium rate numbers without authorization.

Security researchers from the Russian antivirus vendor have now identified a new version of the same malware being distributed through black hat search engine optimization (BHSEO) techniques.

BHSEO involves artificially inflating the PageRank of malicious websites, with the purpose of pushing them at the top of the search engine results for particular keywords.

Scareware distributors commonly employ this method to poison search results related to current events with sites serving rogue antivirus programs.

"The code in the latest variant is similar to the first version and I'm pretty sure the same person (or group) is involved in creating and distributing this Trojan. It is currently targeting Android users in Russia," Denis Maslennikov, a Kaspersky Lab expert, notes.

"The use of SEO is a significant development that confirms our belief that mobile malware - especially on Android devices - is a potentially lucrative business for malicious hackers," he adds.

Each of the rogue SMS messages sent from the infected devices costs $6 and most likely add up to a nice profit for the people behind this operation.

Fortunately it's pretty easy to spot the trojan, as it displays an explicit icon and does not work as advertised.

In addition, during installation it asks for permission to send text messages, functionality that should not be required by video player.

"Android users should pay close attention to the services an application requests to access. Automatically permitting a new application to access every service it requests means you could end up with malicious or unwanted applications doing all sorts of things without requesting any additional confirmation," the Kaspersky researcher advises.