A software developer has released a new variant of a free Windows Mobile spyware application, which is capable of stealing call logs, SMS messages, contacts and appointments, and even tracking people via GPS.
Chet Striker, the creator of the program, which he dubbed Phone Creeper, advertises it as a phone espionage suite and, judging by the feature set, that's an accurate description.
Mobile spyware is not a new concept. There are already various programs out there that fall comfortably into this category. However, what makes Phone Creeper different is that it's free.
The application can be installed by copying it to an SD memory card and inserting it into a phone. No other interaction from the user is required.
Once installed, Phone Creeper will not appear under installed programs and its processes will be hidden. At the moment it works on Windows Mobile 5 to 6.5, but according to Striker, a port for Android is almost ready.
Among other things, the application allows an attacker to retrieve the call and SMS history, even after it was cleared, enable call blocking and redirecting, and copy contacts, tasks, appointments, phone info and GPS location.
Everything can be uploaded to a remote FTP server defined by the attacker, and the program can also bounce SMSs and calls to a specified number for eavesdropping purposes.
The newly released 0.95 version fixes some GPRS issues and adds FTP commands, as well as a revamped remote locking feature.
Striker claims that he developed this as a challenge, to see if it could be done, and notes that he uses it to control his own phone remotely.
However, he acknowledges that it can be used for malicious purposes. "This is just a tool, it can be used for good or bad depending on the intent of the user. For me this is just an exploration of what can be done," he writes.
Nevertheless, the risk of abuse is very real. Back in June, we reported that fifty people were arrested in Romania for using a similar, but commercial, smartphone application to spy on their lovers and business partners.
Some antivirus vendors, like F-Secure, have already added detection for Phone Creeper to their mobile security solutions.
"Striker doesn't seem like a bad guy in our book, but a silently installing espionage suite should be detected by a security suite, the author's motives aren't as important as what the tool actually does," the F-Secure researchers note.