It’s no secret that trojans that misuse premium SMS services are one of the most prevalent problems in the mobile malware arena. However, the flood of “Lagostrod” and “Miriada” so-called free knock-offs of real games is peppered with code that sends text messages to premium services. Mikko Hypponen retweeted an estimate, based on comments on reddit, that the attackers could have made around $12,000,000.
According to Sophos’ Vanja Svajcer:
After more than a day on the market, the applications were pulled off by the Android Market security team. Google’s reaction has been quick, but not quick enough – at least ten thousand users downloaded one of the malicious apps from the list.
There is much more information on the event in Vanja’s blog and in Sean’s blog for F-Secure.
I hope to see an apology from Chris DiBona for suggesting that anyone working for an AV company should be ashamed of themselves if they have a product for Android, Blackberry or iOS, but won’t be holding my breath.
(Yes, this is the sort of stuff I usually post to Mac Virus, but it’s not really Apple-related, I guess, so I think I’ll probably do more of it here.)
David Harley CITP FBCS CISSP
Small Blue-Green World/AVIEN/Mac Virus
ESET Senior Research Fellow