The recently news about first Android virus, links: http://pocketnow.com/android/first-android-virus , Kaspersky Vireus News http://www.kaspersky.com/news?id=207576152, Lookout http://blog.mylookout.com/2010/08/security-alert-first-android-sms-trojan-found-in-the-wild/#comments.

    Thanks for contagio, offers the sample.

    After both disassembling and runtime analysis, one malicious behavior is observed. It sends SMS messages to '3353' or '3354' with text '798657' once launched for the first time. After that it remains silent. This may cost money if 3353 or 3354 is available in that country.

    There are already some static analysis available on Internet, like here http://www.alienvault.com/blog/jaime/Malware/Analysis_of_Trojan-SMS.AndroidOS.FakePlayer.a.html, we do a bit differently. If we slightly modify its behavior, change destination number from 3353 to 5556(emulator number)
and assemble back to apk. We can simulate the user who receives the SMS, see below:
 (More)