Malware descriptions

Mobile thefts – using malware in Indonesia

In many countries mobile providers allow their clients to transfer money, specifically credit that can be used by the recipients on their own phones, from one mobile number to another. This is useful when you need to communicate with someone who does not have enough money in their account. Indonesia is one country where such transfers are popular.

One Indonesian mobile provider allows customers to transfer money/credit from account to account by simply sending a text/sms to number 151 with the following text: TP . Malware writers in Indonesia appreciated this chance to make some money.

We found 5 new Trojans over the past week which send such money transfer requests to 151 – without the permission or knowledge of the phone’s owner. All 5 Trojans are written in Python and work on Symbian: Trojan-SMS.Python.Flocker.ab, Trojan-SMS.Python.Flocker.ac, Trojan-SMS.Python.Flocker.ad, Trojan-SMS.Python.Flocker.ae, Trojan-SMS.Python.Flocker.af

The sums we have traced range from 5 000 to 10 000 Indonesian rupees (0.45 – 0.90 USD). Obviously the goal is to transfer large quantities of small sums in the hopes that while individual users might not notice the leak, the overall sum of transfers will be significant.

We have seen many attacks in Russia based on un-sanctioned sms/text messages to steal money. We were certain that the problem would spread – and it has. We will continue to monitor the situation and keep you posted.

Mobile thefts – using malware in Indonesia

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q3 2021

The APT trends reports are based on our threat intelligence research and provide a representative snapshot of what we have discussed in greater detail in our private APT reports. This is our latest installment, focusing on activities that we observed during Q3 2021.

Lyceum group reborn

According to older public researches, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia.

Subscribe to our weekly e-mails

The hottest research right in your inbox