New mobile Trojan swipes money via SMS

Kaspersky Labs, maker of a popular antivirus application, has detected a new malicious program capable of controlling a user's mobile phone account.

The Trojan called "SMS.Python.Flocker" is written in the scripting language Python, targets Symbian phones belonging to customers of an Indonesian mobile phone operators and is capable of sending SMS messages to a short number with instructions to transfer part of the money in the user's account to another account, which belongs to the cybercriminals.

The amounts transferred range from $0.45 - $0.90 for each SMS sent. The amount can quickly build up and if a large amount of phones were to be affected the amount could become quite substantial.

"Obviously, the authors of the Trojan want to make money," said Denis Maslennikov, a senior malware analyst at Kaspersky Lab. "It seems that the focus on financial fraud in the mobile malware industry will only get more pronounced over time. Until recently, many people thought that malicious programs that send SMS messages without the user's knowledge were a purely Russian phenomenon. Now we can see that the problem no longer affects only Russian users - it's becoming an international issue."
Kaspersky Lab recommends users to exercise caution when using a smartphone to browse the Internet and to keep antivirus databases up-to-date.

Report a problem with article
Previous Story

Lenovo's bizarre W700d advert

Next Story

China censors Obama's speech on TV and web

8 Comments

Commenting is disabled on this article.

This is one reason that I'm glad that most mobile phone providers in the US haven't implemented a "pay by phone" type thing. Yeah, it would be convenient to be able to get a drink from a machine by sending a message on my cell phone, but things like this show how easy it is for things to go wrong!

This Trojan Horse poses as an "Icq_Python" install file, in order to trick the targeted user into installing it. After the installation phase, it can be found in the menu like any legitimate application.


Running the program from the menu triggers the following actions:

  • The malware continuously sends SMS messages to a hardcoded, premium phone number
  • It deletes SMS messages fom the Inbox whenever the sender is the aforementioned number, probably in an attempt to mask the premium service reply to the infected user.

To remove: Delete all the dropped files with a file manager application and reboot the phone - or run FortiClient Mobile Security.

source

^ i think that is the point of this article, its automatic.

many people thought that malicious programs that send SMS messages without the user's knowledge were a purely Russian phenomenon

xXTOKERXx said,
^ i think that is the point of this article, its automatic.

many people thought that malicious programs that send SMS messages without the user's knowledge were a purely Russian phenomenon

Can't be automatic because, like I said, before Symbian's installer installs something you MUST approve it by saying "Yes, Install it"

xXTOKERXx said,
^ i think that is the point of this article, its automatic.

many people thought that malicious programs that send SMS messages without the user's knowledge were a purely Russian phenomenon

Can't be automatic because, like I said, before Symbian's installer installs something you MUST approve it by saying "Yes, Install it"