RedBrowser, the first mobile phone trojan

Nowadays, not only personal computers and servers can be infected with viral parasites. Regular mobile phones are also vulnerable. A few days ago, Kaspersky Lab, Russian antivirus software company, has discovered the first trojan targeting mobile phones supporting J2ME (Java 2 Platform, Micro Edition).

The new parasite, identified as RedBrowser, works on the greater part of popular widely used mobile phones. It pretends to be a special WAP browser that allows connecting on the Internet and visiting mobile sites for free by using specific SMS messages instead of a regular WAP connection. However, the trojan does not keep its promise. It does not access the Internet, but sends an unlimited amount of SMS messages to premium rate numbers. The victim gets charged between $5 and $6 per message.

RedBrowser uses social engineering techniques to trick people into using it. Once executed, it displays a text explaining how it can access the Internet. It also asks to choose a mobile operator. RedBrowser looks like a usual mobile Java application and may fool even experienced mobile users.

Fortunately, the trojan didn’t infect any mobile yet. RedBrowser cannot spread by itself, but can be downloaded from the Internet or via a PC link. Furthermore, its texts are in Russian, and its functionality is very specific to the Russian market. Nevertheless, the trojan is proof-of-concept. Its existence shows that other similar malware can quite successfully spread and infect regular mobiles, not only expensive smartphones.