Virus writers hit Google Android phones

A malicious application that can steal cash via phones running Google's Android

operating system has been found.

The program poses as a media player but once installed starts sending premium

rate text messages.

The service being sent messages is operated by the malicious app's creator, who

scoops up the fees.

Discovered by Kaspersky Labs, it is believed to be the first booby-trapped

application for Android.

In a security advisory Kaspersky said that the fake media player was most

prevalent among Russian Android users. The risk to Android owners worldwide is

believed to be low.

'Trusted model'

In its advisory it said that the huge growth in the number of Android

applications was likely to make the phones tempting targets for criminals.

"We can expect to see a corresponding rise in the amount of malware targeting

that platform," said Denis Maslennikov, mobile research group manager at the

firm.

Simeon Coney, spokesman for mobile security firm AdaptiveMobile said

booby-trapped applications that run up big bills via premium rate numbers were

very common on other platforms such as Symbian.

Symbian is the most popular smartphone operating system, commonly used on

handsets built by Nokia and Sony Ericsson.

"There are a significant number of Java based mobile viruses that do exactly

the same malicious activity of sending out premium rate (i.e. reverse charge)

SMS," he said.

Like other mobile application stores, Google has a system in place that can

revoke malicious applications and stop them running on handsets.

"Our application permissions model protects against this type of threat," said

a spokesperson for Google.

"When installing an application, users see a screen that explains clearly what

information and system resources the application has permission to access, such

as a user's phone number or sending an SMS.

"Users must explicitly approve this access in order to continue with the

installation, and they may uninstall applications at any time.

The spokesperson said the firm advises users to "only install apps they trust".

"In particular, users should exercise caution when installing applications

outside of Android Market."