WinCE/InfoJack makes WM devices vulnerable

Feb 26, 2008 15:46 GMT

A warning posted today on the McAfee Avert Labs Blog announced the discovery of a new Windows Mobile trojan that disables the Windows Mobile application installation security on Pocket PCs.

Named WinCE/InfoJack and discovered in China, the trojan was created by "a specific website" (its name was not revealed). It retrieves the infected handset's serial number and other information and sends them to its author. Furthermore, it makes the infected Pocket PC vulnerable by allowing malware installation and modifying security settings. Several features of WinCE/InfoJack are evidence of its malicious purpose: it installs itself as an autorun program on the memory card, it cannot be deleted and copies itself back to disk, it replaces the mobile browser's homepage, and it allows unverified applications to be installed without warning.

What's odd is that WinCE/InfoJack came packed inside various legitimate, widely distributed installation files. The trojan reached users' devices via a collection of games, stock trading applications and even together with Google Maps.

As reported by McAfee, the maintainer of the website which spread the trojan said that the WinCE/InfoJack software was created only to collect information about which mobile devices the website's visitors use. That would have been true if WinCE/InfoJack had notified users about its installation and had come with an uninstall option. Since that is not the case, it's clear that we have a Windows Mobile trojan.

The website we're talking about is no longer online (maybe this is why McAfee didn't make its name public in the first place), so there's little chance that any other users, besides the unlucky ones who "got malwared", will be infected with WinCE/InfoJack. The complete report is available on the McAfee Avert Labs Blog.