Mobile malware sends premium rate SMS messages

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Mobile phone malware sending SMS text messages

The world of mobile malware isn’t completely dormant.

Although we have been waiting almost ten years now for the dire predictions of some security companies to come true about the tidalwave of mobile malware waiting for us “real soon now”, there are still the occasional sightings of new malicious code which affects mobile phones.

These new mobile phone viruses are treated as something of a curiousity inside our labs, and analysts who normally spend all day examining mostly Windows-related malware may view it as a nice distraction from the run-of-the-mill malicious code.

Sign up to our free newsletter.
Security news, advice, and tips.

The latest example to arrive in SophosLabs is Troj/Konov-A, a Trojan horse that doles out SMS text messages to premium rate numbers (thus, apparently generating revenue for the perpetrators).

That means that the Trojan, which appears to originate from Russia, also costs the user money of course.

It’s apparent that Konov isn’t the first piece of malware to try such a trick. For instance, in March 2006 the Redbrow Trojan horse attempted to perpetrate a similar ruse but according to our friends at Moscow-based security company Kaspersky, Konov is also being spread via social networking websites like Vkontakte (a Russian Facebook-lookalike).

By the way, there is a significant security problem on mobile phones – but it isn’t primarily the malware issue. Although phone users (especially smartphone owners) should exercise caution over which programs they install, and what links they click on, from their device, the main security issue with phones is that users lose them. They leave them on trains, they slip down the back of cinema seats, or they get stolen while you’re in Starbucks.

If your phone is carrying information that might be useful to a criminal (and more and more of them do exactly that) then you best make sure that the information is properly secured behind a password and strong encryption, or potentially face the consequences.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.