By NICK BILTON
The adage “Be careful what you wish for” has a modern-day counterpart: “Be careful what you download.” Especially on your mobile phone.
The malicious software, which was discovered by Kaspersky Lab, an antivirus software company, is said to take advantage of Android phones after users install what appears to be a “harmless media player.” Once the file is installed the Trojan horse begins sending text messages to premium-rate phone numbers “without the owner’s knowledge or consent, resulting in money passing from a user’s account to that of the cybercriminals.”
Lookout, a security company specializing in mobile antivirus software, said in a blog post that the malicious program was the first Trojan horse developed exclusively for the Android platform. But it said the program would not affect Android phone users outside of Russian cell networks.
Security experts also noted that the infected application was not available in the Android Marketplace, the store used to download applications for the Android platform. Phone owners must explicitly change a setting on their phone to permit the installation of non-Marketplace applications.
Jay Nancarrow, a Google spokesman, said Android applications must get permission from the user before doing things like sending text messages or making phone calls.
“We consistently advise users to only install apps they trust,” Mr. Nancarrow said in a statement. “In particular, users should exercise caution when installing applications outside of Android Market.”