For Sale: Trojan to Go

Tuesday, August 23, 2011 @ 01:08 PM gHale

There is now a commercial service that allows people to distribute a mobile Trojan and receive the data stolen by it.

“We’ve been reporting about several NICKISPY variants—Android malware that can monitor a mobile phone user’s activities and whereabouts like SMS, phone calls, and location—[…] and we’ve been curious as to how cyber criminals use private information and earn money from stealing it,” said researchers at Trend Micro, an antivirus and security software provider.

Malware Report: Watch Out for Fake Invoices
Report: Malware Tougher to Detect
Websites Hit with Injection Attack
ICS, SCADA Boot Camp 2.0

“Now, we have a clear example. We found a Chinese website that offers a mobile phone monitoring service. Once a customer decides to employ the service, he/she gets an account to log in to a backend server of the service, from which information gathered from a target device can be viewed,” they said.

The service’s customers have the ability to customize the Trojan and input the victim’s phone number. This will lead to a malicious MMS being sent to the targeted individual.

If the Trojan successfully deploys, the attacker can see the information sent back to the command and control service through the web portal. The stolen data includes SMS messages, phone calls, GPS location and email messages.

The service costs 2,000 – 3,600 Chinese yuan ($300 – $540), a high price by any standards, the researchers said. Giving the common corporate espionage practices in China, business users may be the target of the service.

The Trojan currently works on Symbian and Windows Mobile, but security experts are expecting an Android version to launched also, especially since Trojans with similar characteristics have been on Google’s platform.

“The spying business seems to be booming in the mobile threat landscape, as such, users are strongly advised to secure their devices and to make sure that there are no spying applications installed in them,” the researchers said.

Leave a Reply

You must be logged in to post a comment.