Trojan SMS Found on Google Play

I’m not quite sure how this one slipped under Google Play’s radar, but an SMS Trojan app with the package name com.FREE_APPS_435.android, which claims to be a download for wallpapers, videos, and music, was active on the Google Play store until November 13, 2014.

ScreenShot1
ScreenShot2

The Trojan tricks its victims by requesting permission to send premium SMS messages in exchange for downloaded content.

This tactic has been seen since malware started appearing on Android devices.  If you visit the developer’s website from the link provided on the Google Play page, it takes you to a page with two banners and a couple of links.

ScreenShot3

The two banners advertise downloadable content.  To receive the content, the user must send a text message to a premium SMS number.  By doing so, the user subscribes to a daily feed at the price of 12 Thai Baht, or 37 cents in USD, per day.

Translations of the two banners:

** FILE ** off and click it . Type P1 and send to 4872035 Subscribe to daily : 12 baht / SMS / day .

** Video ** backdoor to do Print Send to 4,872,034 V1 Subscribe to daily : 12 baht / SMS / day . 

There is also a link to a fake terms of service.

ScreenShot4

Translation:

Terms of Service   Before applying for The applicant has agreed and understood all the details and rates .   And the applicant agrees to receive free SMS on the remote via the provided services . Procedures for Service Video Tip : Type V1 send to 4872034 ( Registered at 12 baht / b c / d) . Tiffani Thiessen : Type P1 send to 4872035 ( Registered at 12 baht / b c / d) . Cancellation of Service Print “STOP” to deliver services such as video clips, secret – stop print send to 4872034 .   For more details on 02 658 5887 (9:00 – 18:00 pm . , Monday – Friday) .
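As an added example (not code from the original post), the Python sketch below audits a device's sent-SMS history for opt-ins to the two short codes and keywords quoted above and estimates what each uncancelled subscription has cost. The log format, the function names, the sample records, and the treatment of "STOP" to either short code as a cancellation are assumptions made for illustration.

```python
import re
from datetime import date

# Short codes and opt-in keywords quoted in the banners and terms of service.
PREMIUM = {"4872034": "V1", "4872035": "P1"}
BAHT_PER_DAY = 12  # advertised rate: 12 baht / SMS / day


def normalize(number):
    """Strip separators so '4,872,034' and '487 2034' compare equal."""
    return re.sub(r"\D", "", number)


def audit(outgoing, today):
    """Return {short_code: (subscribed_on, days_elapsed, estimated_baht)}
    for subscriptions that were started and never cancelled.

    `outgoing` is an iterable of (date, destination, body) tuples, oldest
    first: a hypothetical export of the device's sent-SMS log.
    """
    active = {}
    for sent_on, dest, body in outgoing:
        code = normalize(dest)
        if code not in PREMIUM:
            continue
        text = body.strip().upper()
        if text == PREMIUM[code]:
            active.setdefault(code, sent_on)  # first opt-in starts the billing
        elif text == "STOP":
            active.pop(code, None)  # assumption: STOP cancels on either code
    report = {}
    for code, start in active.items():
        days = (today - start).days  # assumption: one charge per elapsed day
        report[code] = (start, days, days * BAHT_PER_DAY)
    return report


# Constructed sample log, not taken from a real device.
SAMPLE = [
    (date(2014, 11, 1), "4872035", "p1 "),
    (date(2014, 11, 2), "4,872,034", "V1"),
    (date(2014, 11, 3), "0000000000", "hello"),
    (date(2014, 11, 5), "4872034", "STOP"),
]
TODAY = date(2014, 11, 13)

if __name__ == "__main__":
    for code, (start, days, baht) in audit(SAMPLE, TODAY).items():
        print(f"{code}: subscribed {start}, ~{days} days, ~{baht} baht")
```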

Google Play has been notified of the existence of this SMS Trojan.

The last update of this app was August 20th, 2013, which was most likely the date it was added to the Play store.

Many variants of this Trojan have been seen that are not currently on the Play store.

We flag this Trojan and similar variants as Android/Trojan.SMS.Agent.

This is proof that Google Play isn’t perfect at keeping out all malware.

Nathan Collier
