In many countries mobile providers allow their clients to transfer money, specifically credit that can be used by the recipients on their own phones, from one mobile number to another. This is useful when you need to communicate with someone who does not have enough money in their account. Indonesia is one country where such transfers are popular.
One Indonesian mobile provider allows customers to transfer money/credit from account to account by simply sending a text/sms to number 151 with the following text: TP . Malware writers in Indonesia appreciated this chance to make some money.
We found 5 new Trojans over the past week which send such money transfer requests to 151 – without the permission or knowledge of the phone’s owner. All 5 Trojans are written in Python and work on Symbian: Trojan-SMS.Python.Flocker.ab, Trojan-SMS.Python.Flocker.ac, Trojan-SMS.Python.Flocker.ad, Trojan-SMS.Python.Flocker.ae, Trojan-SMS.Python.Flocker.af
The sums we have traced range from 5 000 to 10 000 Indonesian rupees (0.45 – 0.90 USD). Obviously the goal is to transfer large quantities of small sums in the hopes that while individual users might not notice the leak, the overall sum of transfers will be significant.
We have seen many attacks in Russia based on un-sanctioned sms/text messages to steal money. We were certain that the problem would spread – and it has. We will continue to monitor the situation and keep you posted.