RedBrowser Trojan Targets Java Phones

Security firms are warning of a new "in-the-wild" Trojan horse able to infect almost any mobile phone. Called RedBrowser, the Trojan targets both smartphones and earlier-generation handhelds running Java.

According to Moscow-based Kaspersky Labs, RedBrowser arrives in the guise of a new mobile Web browser designed to dupe users by offering free Internet browsing.

Rather than deliver on its promise, the nefarious Trojan actually sends text messages to premium-rate services, with users charged $5 to $6 per text message.

The Trojan can attack any device -- smartphone, PDA, or mobile phone -- that runs Java 2 Micro Edition (J2ME), Sun Microsystems' version of Java for consumer-electronics devices.

Target Audience

RedBrowser first appears on a device as a text message with an accompanying file attachment. After RedBrowser has shown the text and the user has opened the attached file, it picks a random number from its list and sends a text message to it.

The Trojan can be downloaded to a handset from the Internet, via a Bluetooth wireless connection, or from a computer. The good news is that it can be wiped from the handset using standard mobile-phone utilities.

On Tuesday, Kaspersky reported that it had received only a single sample of RedBrowser, which at this point is aimed at subscribers of Russia's major mobile carriers.

Security firm F-Secure has reported that the bogus browser was written primarily to target users in Russia, a fact that could limit its impact on users in the rest of the world.

Mobile Headache

While RedBrowser is a proof-of-concept Trojan, Kaspersky warned that similar programs might well be circulating on the Internet as virus writers extend their reach beyond smartphones.

Forrester Research analyst David Friedlander offered a similar take, noting that, until recently, most mobile malware was annoying but was not designed to make money. "This is a new type of attack that, while not yet widespread, could end up costing consumers and network operators," he said.

Should the Trojan spread, the large number of users with Java-enabled phones might end up haggling over reimbursements for bogus messaging charges. Friedlander estimates that there are some 100 viruses targeting mobile devices, none of them particularly dangerous at this point.

"This variant is only in Russia now, but it could work on any carrier network," he said. "I think we will see more attacks like this one, because it is an attractive money-making vector for malware writers and organized crime."