McAfee has detected the J2ME/RedBrowser.a Trojan coming from Russia that targets PDA devices. J2ME/RedBrowser.a has been considered Low-Profiled as it represents a new Proof of Concept (POC) for premium-rate SMS fraud on a variety of mobile platforms. The Trojan is also known as Trojan-SMS.J2ME.RedBrowser.a (Kaspersky).
J2ME/RedBrowser.a pretends to access WAP Web pages via SMS messages, but instead of retrieving WAP pages, it sends SMS messages to Premium Rate numbers thus costing the user more than anticipated.
J2ME/RedBrowser.a arrives in a JAR file named “redbrowser.jar” and is currently known to run on the Nokia 6681, Sony-Ericsson W800i and Blackberry 8700c.
The following text (translated from Russian) is displayed on startup:
“Carefully read following description of RedBrowser program.This program allows viewing WAP pages without GPRS connection.
RedBrowser connects to SMS server of your operator (MTS, BEELINE, MEGAFON).
Page is loaded by receiving encoded SMS. First 5 Mb (650 SMS) of traffic are provided free of charge in test mode. ATTENTION!!! Program RedBrowser works ONLY on above mentioned cellular operators.”
McAfee said that the SMS sending does not appear to function completely in the United States and assumes this may be due to the numbers dialed being local to Russia.
J2ME/RedBrowser.a appears to have been written using the MIDletPascal programming tool. The malware will not install on the P900 due to its use of a restricted API.
This malware requires that the user intentionally installs it upon his mobile phone. McAfee has advised users to by no means to install unknown or un-trusted software. This, the company said, is especially true for illegal software, such as cracked applications, as they are a favourite vehicle for malware infection.