GFI Warns of Trojan Posing as Firefox for Android
The malware sends SMS messages to premium rate numbers.
Researchers at GFI Labs recently came across a malicious Android app disguised as the mobile version of the Firefox browser.
"The criminals are leveraging on Firefox for Android in relation to the official, non-beta release of the said Web browser on Google Play last June 26," GFI's Jovi Umawing writes in a blog post. "GFI VIPRE Mobile Security detects the malicious apps as Trojan.AndroidOS.Boxer.d."
"Three .APK files are currently known to be malicious: f7sleep45feed_installer.apk (183 KB), Firefox-install.apk (465 KB) and Mozilla_Firefox_Android_install.apk (388 KB), but the names and sizes can be changed at any given time," writes Help Net Security's Zeljka Zorz. "The malware in question is a variant of the Boxer Trojan which, once installed, covertly sends SMS messages to several premium rate numbers, then loads google.com."
"Researchers believe that this may be a tactic to make users think that the application is defective," E Hacking News reports. "They might download and install the fake software again, allowing Boxer to perform its malicious tasks more than once."
"Previously seen variants of Boxer informed users of the fact that by accepting a set of 'rules' they would be charged for sending SMS messages to premium numbers," writes Softpedia's Eduard Kovacs. "However, this particular version doesn’t give any details regarding its true purpose. Once the rogue application is installed, the malware quietly activates and sends an SMS to numbers such as 2855, 3855 or 8151."