Redbrowser.A :: First J2ME mobile phone trojan!

Current:

Redbrowser.A

Go back to
NEWS MAIN

.: Symbian viruses :.

+ Skulls

+ Mabir

+ Locknut

+ Lasco

+ Cabir

+ Cabir.AA

+ CommWarrior.C

.:Related stories:.

+ F-secure found three new Cardtrap versions!

+ Phone book stealers

+ Mobile safety at your fingertips!!

+ Number of known Symbian trojans double in one day!!

+ Three new Symbian trojans in one day!!

Stay up to date
Get SF feed



	Name: Email: Website: Message: ..help..

+ Redbrowser.A trojan detected!

28 February 2006

Redbrowser.A
First J2ME mobile phone trojan!

photo by F-secure

F-secure have detected a new Trojan spreading on Symbian Series 60 smartphone devices.

Redbrowser.A is a J2ME based Java Midlet that sends SMS messages to premium rate numbers. It affects Symbian S60 devices. Apparently works on most phones with J2ME support (ie. hundreds of different phones). Sends SMS messages to Russian premium rate numbers to steal money from the user. First reported by Kaspersky Lab.

Redbrowser.A pretends to be a WAP browser that offers free WAP browsing using free SMS messages to send the WAP page contents. Actually Redbrowser.A sends SMS messages to expensive numbers, causing an increased phone bill to the user. Redbrowser.A contains a fixed list of ten phone numbers to which it sends the SMS messages. After Redbrowser.A has shown the texts, it picks a random number from the list and sends an SMS message to it.

Redbrowser.A claims to be sending free SMS messages as part of it's normal operation to fool the user to allow the application to use Java SMS capabilities in phones which require user acceptance before sending SMS messages.

The texts in Redbrowser.A are written in Russian, which limits it's spreading.

Although this is the first sample we've seen, there are probably other similar programs out there in the wild. It's a sign that virus writers are widening their reach, and no longer only targeting smart phones.

The Trojan is a Java application, a JAR format archive. The file may be called "redbrowser.jar", and is 54482 bytes in size.

The archive contains the following files:

FS.class - auxiliary file (2719 bytes in size)
FW.class - auxiliary file (2664 bytes in size)
icon.png - graphics file (3165 bytes in size)
logo101.png - graphics file (16829 bytes in size)
logo128.pnh - graphics file (27375 bytes in size)
M.class - interface file (5339 bytes in size)
SM.class - Trojan application which sends SMS messages (1945 bytes in size)

The user is able to de-install the Trojan by using the standard Install/ Delete application utility on the telephone.

Happily, this Trojan can be easily deinstalled by the user using standard tools.

Source: F-secure / Kaspersky

Author: Apocalypso

-=[ Click Here To Have Your Say On This Story ]=-

.:[ go back to news main ]:.

Trademarks
All trademarks and registered trademarks are property of their respective owners.

SYMBIAN and all SYMBIAN-based marks and logos are trade marks
of Symbian Software Limited. This website is not in any way endorsed or supported by Symbian Software Limited.

NOKIA and all Nokia-based marks and logos are trade marks
of Nokia Corporation. This website is not in any way endorsed or supported
by Nokia Corporation

Web

Symbian Freak