Malware descriptions

Return of the Yxe worm

Just over a year ago Worm.SymbOS.Yxe appeared – this was the first malicious program for smartphones running Symbian S60 3rd edition which had a valid digital signature. From time to time subsequent versions of this worm appeared – the latest variant, Yxe.d was detected in July 2009.

Today we detected a new variant, Worm.SymbOS.Yxe.e, which also has a valid digital signature. Previous modifications of the worm:

  • Spread via SMS messages which contained a link to the worm
  • Used social engineering in order to trick victims
  • Harvested data about the smartphone from the device
  • Sent the harvested data to a cybercriminal server
  • Attempted to terminate third party applications designed for working with the smartphone’s file system or with active applications.

The latest modification does all of the above and more. It also:

  • Sends MMS messages containing a link to itself, and, attached, a black and white skull and crossbones image (Skuller, a Trojan which first appeared in 2004, also used a skull and crossbones)
  • Connects to a Chinese social networking site
  • Downloads files
  • Block the smartphone’s Software Manager, making it more difficult to delete the malware

We’re still analysing Worm.SymbOS.Yxe.e in detail – we’ll keep you posted.

Return of the Yxe worm

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q3 2024

The report features the most significant developments relating to APT groups in Q3 2024, including hacktivist activity, new APT tools and campaigns.

Subscribe to our weekly e-mails

The hottest research right in your inbox