Android trojan hides behind QR code
A QR code has been found on a web site which directs users to Android malware. Kaspersky's SecureList blog has a report of a malicious QR code on a web site which when scanned directs the user to a URL; the linked site doesn't have a file matching the name in the URL, but it does redirect the browser to another site where the file jimm.apk
is downloaded. The file is a trojanised version of the Jimm mobile ICQ client, infected with Trojan-SMS.AndroidOS.Jifake.f
which sends a number of SMS messages to a $6 a message premium rate service.
These QR codes seem to only now be appearing online, although Kaspersky has noted J2ME-based versions of the malware being distributed via QR codes as well. In early September, there were discussions about how a QR code could be used to encourage users to install trojans onto their smartphones. The technique has been dubbed "Attaging" (Attack Tagging). QR codes are commonly used in Android application catalogues because they allow users to search for information about an application on a desktop PC and then use the phone's camera to scan the QR code to get the link to download the program. This avoids having to type the URL on the phone's keyboard.
(djwm)