According to Moscow based Kaspersky Labs, a new Trojan horse that is able to infect almost any mobile phone or PDA is in the wild. The Trojan called "RedBrowser" targets traditional mobile phones running Java as well as the newer generation of SmartPhones. The official name of the Trojan is Trojan-SMS.J2ME.RedBrowser.a and claims to allow users who install this to browse WAP enabled sites without using a WAP connection. It is a Java application packaged as a .jar file that may be called RedBrowser.jar and is 54482 bytes in size.

The Trojan dupes users by offering free Internet browsing, but instead sends text messages to premium rate services, with users being charged as high as $5.00 to $6.00 dollars per message. RedBrowser can run on any new phone or PDA that runs Java 2 Micro Edition (J2ME), Sun Microsystems flavor of Java for mobile devices.

To date, the variant seems to be contained in Russia. However, security experts are concerned that a Trojan such as this could easily be written and circulated on the Internet, making a larger and more widespread problem for mobile users.

RedBrowser.a has been rated as a low-level threat by leading security companies, as there has not been a large-scale outbreak as yet. The Trojan does pose a threat to consumers though, as there is currently no malware protection available for cell phones with Java capabilities. Security applications are available for smartphones and PDAs, and users are encouraged to utilize them.

According to the alert posted by McAfee, the Trojan's text sending function doesn't work in the U.S. "We are currently assuming this is due to the numbers dialed being local to Russia," the alert read.

Should the Trojan spread, the large number of users with Java-enabled phones might end up haggling over reimbursements for bogus messaging charges. Friedlander estimates that there are some 100 viruses targeting mobile devices, none of them particularly dangerous at this point.

So far, the perpetrators or their motivation for creating the Trojan hasn’t been discovered. But it is an indicator that malicious code writers are expanding into mobile territory. Kaspersky, F-Secure, and McAfee all sell products aimed at protecting mobile users from worms, viruses and Trojans.