Malware descriptions

Trojan for handsets which run Java applications

We’ve just received a new sample – a program called RedBrowser, a Trojan for mobile phones which can run Java applications (JME2). This means that it’s not just smartphones that are potentially infectable, but most modern handsets.

It presents itself as a program which will allow the user to visit WAP sites without a WAP connection. However, the Trojan actually sends SMSs, not to other users, but to premium rate numbers. The user gets charged $5 – $6 for each sms sent.

Happily, this Trojan can be easily deinstalled by the user using standard tools.

Although this is the first sample we’ve seen, there are probably other similar programs out there in the wild. It’s a sign that virus writers are widening their reach, and no longer only targeting smart phones.

Trojan for handsets which run Java applications

Your email address will not be published. Required fields are marked *



The leap of a Cycldek-related threat actor

The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.

Lazarus targets defense industry with ThreatNeedle

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Subscribe to our weekly e-mails

The hottest research right in your inbox