Home / malware Trojan:Java/SMSFakeSky.A
First posted on 11 July 2012.
Source: MicrosoftAliases :
Trojan:Java/SMSFakeSky.A is also known as HEUR:Trojan-SMS.J2ME.JiFake.gen (Kaspersky), Trojan.Java.Smssend.W (BitDefender), Java.SMSSend.780 (Dr.Web), Android/TrojanSMS.Boxer.AQ.Gen trojan (ESET), Generic FakeAlert!b2b (McAfee).
Explanation :
Trojan:Java/SMSFakeSky.A is a trojan that affects mobile devices with Java Platform Micro Edition support, such as those running the Symbian operating system. It tricks users into downloading potential malicious apps into the device, and into sending multiple SMS messages to premium numbers, incurring cost to the phone user.
Installation
Trojan:Java/SMSFakeSky.A has been observed disguised as a fake Skype app.
Payload
Sends SMS message without user consent
If you decide to confirm, Trojan:Java/SMSFakeSky.A sends an SMS message to a premium number without your consent.
When run, Trojan:Java/SMSFakeSky.A may display something similar to the following:
Note that the text in the figure above translates as: 69 seconds remains until the end of the installation. To speed up installation process, click Next.
The purported download stops at 31 percent and you are asked to press the Next or Continue button. If you click Next, t displays the following screen, saying that activation has been completed and that you can now download a certain file:
Note that the text in the figure above translates as: The installation is complete, to run SKYPE click download <URL>
Trojan:Java/SMSFakeSky.A then sends SMS messages to premium numbers. In addition, the link may be to a malicious file.
Additional information
Trojan:Java/SMSFakeSky.A may display the following terms and conditions:
Analysis by Zarestel Ferrer
Last update 11 July 2012
