J2ME/RedBrowser.A
UMU Scan protects against this virus.
Threat Level: Low
Type: Trojan
SDB Version: 119
SDB Release Date: 29/08/2007
Description Date: 20/09/2007

What does this virus do?
This virus arrives on your phone disguised as an application that allows free Wireless Application Protocol (WAP) connections. When installed, this virus sends SMS messages to a specific number. The costs of all the SMS messages are charged to your phone bill. 

J2ME/RedBrowser.A is a Java 2 Micro Edition (J2ME) based Trojan that sends SMS messages to a specific number. The costs of the SMS messages are charged to the infected phone’s owner. It arrives inside a JAR archive. It disguises itself as an application that allows free Wireless Application Protocol (WAP) connections.
 
J2ME/RedBrowser.A affects phones that support Java SMS functionality. This includes devices running Windows Mobile, Symbian 2nd Edition, and Symbian 3rd Edition platforms.
 
Here are screenshots of the Trojan being installed on a Symbian 3rd Edition device:

Screenshot of the installation of J2ME/RedBrowser.A on a Symbian 3rd Edition phone


Screenshot of security warning upon installation of J2ME/RedBrowser.A on Symbian 3rd Ed phone


Screenshot of J2ME/RedBrowser.A installed on a Symbian 3rd Ed. phone
 
Upon installation, it drops the following components:
 
FS.class
FW.class
SM.class
M.class
 
SM.class and M.class are the main components; SM.class handles the SMS sending functionality.
Once installed and executed, RedBrowser.A first displays its logo, which is a red moon.

Screenshot of J2ME/RedBrowser.A logo after installation on Symbian 3rd Ed. phone

It then displays a series of messages in Russian explaining that the user can also send free SMS messages through WAP.

Screenshot from Symbian 2nd Ed. phone showing Russian message


Screenshot of J2ME/RedBrowser.A message in Russian on Symbian 2nd Ed. phone
 
It then asks the user to choose which service provider to use in sending SMS.

Screenshot of RedBrowser.A asking which service provider to use for sending SMS
 
J2ME/RedBrowser.A then continuously sends SMS messages to a specific number (1615). The message is composed of a random number from 0 to 9. Each message must be approved by the user before it is sent.

Screenshot of J2ME/RedBrowser.A attempting to send an SMS

Since the SMS sending routine is continuous, the user cannot switch to or use any other application on the device. The only recourse is to restart the device.
 
J2ME/RedBrowser.A also displays a link to a Russian website:

Screenshot of link to Russian website


Manual Disinfection 
 
  1. Reboot your device to kill malware processes.
  2. Go to the device’s Application Manager and remove/uninstall applications named “RedBrowser”.
  3. Scan your mobile device using UMU Scan and delete all files detected as J2ME/RedBrowser.A.
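
The indicators in this description (the four dropped class files, the application name "RedBrowser", and the use of Java SMS functionality) can be checked in a JAR file before it is installed. The Python code below is an added example, not UMU Scan's detection logic; the `MIDlet-Name` manifest check and the Wireless Messaging API strings are assumptions, and `build_sample` produces constructed placeholder files rather than real class files.

```python
import io
import zipfile

# Indicators taken from the description above.
COMPONENTS = {"FS.class", "FW.class", "SM.class", "M.class"}
APP_NAME = b"redbrowser"
# Assumption: Java SMS on J2ME means the Wireless Messaging API (JSR-120),
# whose package name and URL scheme show up as strings in compiled classes.
SMS_MARKERS = (b"javax/wireless/messaging", b"sms://")


def triage_jar(data: bytes) -> dict:
    """Report which RedBrowser.A indicators are present in a JAR's bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        names = [n for n in jar.namelist() if not n.endswith("/")]
        # Match on base name: the page does not give the path inside the JAR.
        found = {n.rsplit("/", 1)[-1] for n in names} & COMPONENTS
        manifest = b""
        if "META-INF/MANIFEST.MF" in names:
            manifest = jar.read("META-INF/MANIFEST.MF")
        # Assumption: the displayed application name comes from MIDlet-Name.
        name_hit = any(
            line.lower().startswith(b"midlet-name:") and APP_NAME in line.lower()
            for line in manifest.splitlines()
        )
        sms_classes = sorted(
            n for n in names
            if n.endswith(".class") and any(m in jar.read(n) for m in SMS_MARKERS)
        )
    # Short class names alone are weak evidence: require all four plus one more signal.
    suspicious = found == COMPONENTS and (name_hit or bool(sms_classes))
    return {
        "components": sorted(found),
        "name_match": name_hit,
        "sms_classes": sms_classes,
        "suspicious": suspicious,
    }


def build_sample(app_name: str, classes: dict) -> bytes:
    """Build a constructed test JAR in memory (placeholder bytes, not real classes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", f"MIDlet-Name: {app_name}\n")
        for name, body in classes.items():
            jar.writestr(name, body)
    return buf.getvalue()
```

A match from this check is a reason to run a full scan, not a verdict: obfuscated or renamed classes will not match, and unrelated applications can legitimately use the SMS API.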