Malware descriptions

Indonesian Trojans redux

Just a couple of weeks ago we blogged about Symbian malware in Indonesia – Trojans that use SMS messages to transfer money from the user’s account to a cyber criminal’s account.

We’ve just detected a new malicious program with a similar payload: Trojan-SMS.J2ME.GameSat.a. As you can guess from the name, it’s targeting phones running J2ME – this move really widens the pool of potential victims (and the potential profits!)

The Trojan passes itself off as an app offering fun features like chat and dating – but once it’s launched, it sends an SMS to 151, the same number used by the last lot of Trojans. Of course, it doesn’t tell the user that the SMS is going to cost 5000 rupiah (0.45USD), and there’s no indication that this money is going straight from the user’s account into the cyber criminal’s account.

So that’s 6 new pieces of mobile malware in the space of just over two weeks, a move from Symbian to J2ME, and a clear financial motive behind the attacks. We await developments…

Indonesian Trojans redux

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q3 2022

This is our latest summary of advanced persistent threat (APT) activities, focusing on events that we observed during Q3 2022.

APT10: Tracking down LODEINFO 2022, part I

The first part of this report will provide technical analysis of the new infection methods such as SFX files and DOWNIISSA, a new downloader shellcode used to deploy the LODEINFO backdoor.

Subscribe to our weekly e-mails

The hottest research right in your inbox