A harmful piece of malware that has long been affecting Android smartphone users in China and Russia is apparently now targeting customers in western Europe and North America.
Detected by the security firm Kaspersky Lab, the Trojan has been found hiding inside pirated versions of SuiConFo, a legitimate Android app that monitors SMS and data usage.
SuiConFo is in the official Android Market, and was released by a French Android app developer using the name "Alou." By contrast, the pirated version has been found only on file-sharing websites.
SecurityNewsDaily spoke with Alou, who assured that his app, purchased from the Android Market, is "absolutely not malicious. It doesn't send SMS, it doesn't share your data, and its only purpose is to help people track their plan in real time."
"It is safe to get my app from the Market, which is a trusted source. And since it's a paid app, it should be the only way to get it," Alou said. "People downloading my app on Direct Download Links (DDL) websites like Mediafire cannot trust what they get."
Alou added that SuiConFo has a 4.2 star rating on the Android Market, and has received "no complaints about any premium SMS being sent by it."
Kaspersky Lab identified the sneaky Trojan embedded inside the phony version of SuiConFo as Trojan-SMS.Android.OS.Foncy, and said once its installed, Foncy begins a covert hijacking campaign that can wreak havoc on affected Android phones.
Researcher Denis Maslennikov wrote on Kaspersky Lab's Securelist blog that the Foncy Trojan sends four premium-rate text messages to numbers in France, Belgium, Switzerland, Luxembourg, Canada, Germany, Spain and the U.K.
As it sends these expensive texts without the phone owner's knowledge, and runs up the victim's cellphone bill in the process, Foncy also rigs Android phones to receive text messages, which it blocks the user from seeing.
"Yes, these SMS Trojans don't target either Russian or Chinese smartphone users," Maslennikov wrote, noting a significant shift in malicious Android apps, which have been a threat to users in these countries but are not often seen targeting Android customers in the West.
Shifting their bull's-eye to wealthier countries is a natural progression on the part of cybercriminals, and will likely continue, Maslennikov wrote, as Android smartphones continue to dominate the mobile market.
"Unfortunately, today SMS Trojans are one of the easiest ways for cybercriminals to make easy money fast," he wrote. "Malicious use of premium-rate SMS services is spreading around the world, and I'm pretty sure it's not going to stop any time soon."