
Trojan:Java/Fakebrows.A


First posted on 11 July 2012.
Source: Microsoft

Aliases :

Trojan:Java/Fakebrows.A is also known as HEUR:Trojan-SMS.J2ME.Agent.gen (Kaspersky), Trojan.Java.Smssend.X (BitDefender), Java.SMSSend.780 (Dr.Web), J2ME/TrojanSMS.Agent.CT trojan (ESET), SymbOS.Fakemini (Symantec).

Explanation :



Trojan:Java/Fakebrows.A is a trojan that affects mobile devices with Java Platform Micro Edition support, such as those running the Symbian operating system. It tricks users into downloading potentially malicious apps onto the device, and into sending multiple SMS messages to premium numbers, incurring costs for the phone user.



Installation

Trojan:Java/Fakebrows.A has been observed disguised as the following apps:

  • Opera Mini browser
  • ICQ mobile application
  • Internet Explorer


When run, Trojan:Java/Fakebrows.A may display something similar to the following:



Note that the text in the figure above translates as: "You agree with the download of Opera Mini 6.5. To continue the download, click on."



Payload

Sends SMS message without user consent

If you decide to confirm, Trojan:Java/Fakebrows.A sends an SMS message to a premium number without your consent.

It then displays the following screen, saying that activation has been completed and that you can now download a certain file:



Note that the text in the figure above translates as: "Installation - Thank you for activating the app! - Link to your file: <URL>"

In cases where the app uses the Internet Explorer icon, if you click on the link to the file, the purported download stops at 31 percent and you are asked to press the Next or Continue button:



Note that the text in the figure above translates as: "69 seconds remains until the end of the installation. To speed up installation process, click Next."

If you click Next, Trojan:Java/Fakebrows.A sends SMS messages to premium numbers. In addition, the link may point to a malicious file.

Additional information

Trojan:Java/Fakebrows.A may display the following terms and conditions:





Analysis by Zarestel Ferrer

Last update 11 July 2012

 
