'Sexy View' SMS malware targets Symbian devices
Signed, Sealed, Delivered (You're pwned)
Bad sorts have created a malware targeted at Symbian mobile phones that comes signed with an apparently valid Symbian Certificate.
Because it is signed the application can potentially gain privileged access, net security firm F-secure warns. The malware is also unusual because it is targeted at S60 3rd Edition phones, instead of the more common target of 2nd edition phones.
The Yxe-A Trojan originates in China and is packaged up with names such as "Sexy View" and "Play Boy", providing an indication that social engineering trickery plays a part in pushing the code. F-Secure describes the malware as a Trojan but other vendors describe it as a worm, in recognition of the discovery of what might be described as auto-spreading capabilities.
Security researchers at Fortinet report that the malware (which it calls the Yxes-A worm) harvests phone numbers from an infected device's file system, and repeatedly attempts to send SMS messages to these mobile numbers. These SMS messages direct surfers to a maliciously constructed website. When users of vulnerable devices "click" on the address in received messages, an attempt to download a copy of the malware will occur.
Fortinet adds that the malware gains information on the infected victim (such as serial number of the infected phone, subscription number etc) and posts this data to a remote server likely controlled by cyber criminals. It's unclear how many users have fallen victim to the attack or its ultimate motives.
Analysis of the malicious code remains ongoing. ®