SpyPhone
Known Version
SymbOS/SpyPhone.A!tr
About
Rather than a virus, "Spyphone" is a Trojan Horse: although it is harmful to the host system, it does not self-replicate and therefore does not attempt to propagate to other systems. Its goal is to conduct various spying operations on the infected device (including monitoring incoming calls) on behalf of the individual who sent it to the victim.
It affects cell phones running Symbian OS S60.
Infection routines
Being a Trojan Horse, "Spyphone" does not have an automated infection routine: an attacker has to actively send it to the selected victim(s) in the form of an installation file (in an MMS, via Bluetooth, via an infected memory card, etc.). Upon execution of this file, the victim is prompted with the following message: "Install Sysapp? Yes / No". Selecting "Yes" will lead to the definitive infection.
Visible Symptoms
The following are files created by "Spyphone" and can be found using a file manager application:
C:\system\apps\SysApp\SysApp.aif (1,581 Bytes)
C:\system\apps\SysApp\SysApp.app (13,504 Bytes)
C:\system\apps\SysApp\SysApp.rsc (91 Bytes)
C:\system\apps\SysApp\SysApp_caption.rsc (43 Bytes)
C:\EMCC\Exes\NVG.exe (1,616 Bytes)
C:\EMCC\Exes\NVG1.exe (2,524 Bytes)
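The file list above can be checked against a copy of a handset's C: drive. The script below is an added example, not part of the original description or of any Fortinet tool; it assumes the drive contents have been copied to a local directory, and the function names and the "exact" / "size-differs" / "absent" labels are hypothetical.

```python
import os
import tempfile

# Paths and sizes exactly as listed above, relative to the phone's C: drive.
ARTIFACTS = {
    r"system\apps\SysApp\SysApp.aif": 1581,
    r"system\apps\SysApp\SysApp.app": 13504,
    r"system\apps\SysApp\SysApp.rsc": 91,
    r"system\apps\SysApp\SysApp_caption.rsc": 43,
    r"EMCC\Exes\NVG.exe": 1616,
    r"EMCC\Exes\NVG1.exe": 2524,
}

def resolve_ci(root, rel):
    """Walk rel under root ignoring case; a copied drive may not keep the listed casing."""
    cur = root
    for part in rel.split("\\"):
        names = os.listdir(cur) if os.path.isdir(cur) else []
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        cur = os.path.join(cur, match)
    return cur if os.path.isfile(cur) else None

def scan(root):
    """Map each listed artifact to 'exact', 'size-differs' or 'absent'."""
    report = {}
    for rel, size in ARTIFACTS.items():
        found = resolve_ci(root, rel)
        same = found is not None and os.path.getsize(found) == size
        report[rel] = "absent" if found is None else ("exact" if same else "size-differs")
    return report

def verdict(report):
    """'match' if any file has a listed name and size, 'review' if only names match."""
    states = set(report.values())
    if "exact" in states:
        return "match"
    return "review" if "size-differs" in states else "clean"

def demo():
    """Constructed sample: a temp directory standing in for a copied C: drive."""
    with tempfile.TemporaryDirectory() as root:
        for rel, size in (("system/apps/sysapp/sysapp.app", 13504), ("EMCC/Exes/NVG.exe", 10)):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(b"\0" * size)
        return scan(root)
```

A "review" result means a listed file name is present with a size other than the one given above, which this description does not cover and which needs manual inspection.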
Disinfection
Install FortiClient Mobile.