Feeds

'Sexy View' SMS malware targets Symbian devices

Signed, Sealed, Delivered (You're pwned)

Secure remote control for conventional and virtual desktops

Bad sorts have created a malware targeted at Symbian mobile phones that comes signed with an apparently valid Symbian Certificate.

Because it is signed the application can potentially gain privileged access, net security firm F-secure warns. The malware is also unusual because it is targeted at S60 3rd Edition phones, instead of the more common target of 2nd edition phones.

The Yxe-A Trojan originates in China and is packaged up with names such as "Sexy View" and "Play Boy", providing an indication that social engineering trickery plays a part in pushing the code. F-Secure describes the malware as a Trojan but other vendors describe it as a worm, in recognition of the discovery of what might be described as auto-spreading capabilities.

Security researchers at Fortinet report that the malware (which it calls the Yxes-A worm) harvests phone numbers from an infected device's file system, and repeatedly attempts to send SMS messages to these mobile numbers. These SMS messages direct surfers to a maliciously constructed website. When users of vulnerable devices "click" on the address in received messages, an attempt to download a copy of the malware will occur.

Fortinet adds that the malware gains information on the infected victim (such as serial number of the infected phone, subscription number etc) and posts this data to a remote server likely controlled by cyber criminals. It's unclear how many users have fallen victim to the attack or its ultimate motives.

Analysis of the malicious code remains ongoing. ®

Internet Security Threat Report 2014

More from The Register

next story
Mighty Blighty broadbanders beg: Let us lay cable in BT's, er, ducts
Complain to Ofcom that telco has 'effective monopoly'
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Broadband sellers in the UK are UP TO no good, says Which?
Speedy network claims only apply to 10% of customers
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.