Doctor Web, a leading information security developer, announced that the previously known Trojan Android.SmsSend.27 is now being distributed under the guise of an application called “Kamasutra for Android”. Doctor Web has repeatedly reported on the Android.SmsSend malware family.
Today the Dr.Web virus database contains more than 170 entries for Android.SmsSend Trojans. Android.SmsSend.27, which was added to the virus database in June 2011, previously circulated under the guise of Jimm, a mobile ICQ client. Now this malicious program has been reincarnated as the application “Kamasutra for Android”. In fact it is still the same Trojan, but with slightly modified resources that allow virus writers to give their creations any name.
However, the application title remained the same and points to the previous false guise: “configuration and installation of Jimm”. As with the distribution of some earlier versions of this Trojan family (e.g., Android.SmsSend.15), the attackers placed a QR code on the website that contains a link leading to the malicious program. Using specialized software installed on their mobile devices, users can scan the code and download the Trojan.
This increases the potential for proliferation, because such a code can be placed on any website and will still contain a link to the malicious object. An interesting detail is the icon of the website used to spread this malicious program: in this case, the attackers borrowed the icon of one of the antivirus programs.
Perhaps they wanted to instill greater confidence in users, or perhaps they simply liked it. A more suspicious detail is the form for entering an e-mail address, which allegedly lets users subscribe to news about updates to the “Kamasutra for Android” application. After the address is confirmed, the website reports a server error, which users may perceive as an ordinary technical problem. However, if any text at all is entered into this form and confirmed, the same error is returned. Given the nature of the site and the malware it distributes, it can be assumed that this form may be used to collect e-mail addresses for spammers' databases.