RedBrowser is a Java applet that fakes a mobile web browser that uses Short Message Service (SMS) rather than GPRS/3G to transmit web pages, experts said.
Users allegedly can visit Wireless Application Protocol (WAP) sites, even though they do not have a connection. To get connected, the trojan says it must send an SMS to transfer data.
However, the malware keeps sending the text messages to premium rate numbers – controlled by the hacker – and users are hit with a $5 to $6 charge per message. They only find out about the fees when they get their monthly phone bill, McAfee said.