Symbian malware takes money from phone
Hackers have discovered a new way to steal your money: texting it out of your phone.
Security vendor Kaspersky Lab says it has spotted new variants of a Trojan horse program that do just that, by taking advantage of a feature that lets mobile-phone users in Indonesia use SMS (Short Message Service) text messages to transfer money in their mobile accounts from one phone to another.
The software is a variant of the Trojan-SMS.Python.Flocker malware, originally written by Russian fraudsters. This software had been used to sign unwitting victims up for expensive mobile services such as ringtones, presumably with the program's authors getting a healthy kickback. "It seems like some Indonesian guys had a look at this stuff and thought, 'Hey, we could do this in Indonesia,'" said Roel Schouwenberg, an antivirus researcher with Kaspersky.
For the attack to work, the victim must first be tricked into downloading the Python.Flocker program onto a Symbian-based mobile phone. Once installed, the software uses a feature available to Indonesian mobile-phone users that lets them send a short SMS message to another subscriber that transfers the money into their account. The Trojan transfers the equivalent of between US$0.45 and $0.90, depending on which version of the program is installed.
The Symbian operating system is used in phones made by Nokia, Motorola, Samsung and Sony Ericsson, among others.
Criminals have created banking Trojans for the PC that silently transfer money during online banking sessions, but this is the first time Schouwenberg has seen this type of behavior on a mobile phone.
Schouwenberg did not know which Indonesian mobile service provider was targeted in this attack.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
cell phone
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
