New Symbian trojans abuse credit transferring service

Jan 21, 2009 10:24 GMT

Researchers from anti-virus vendor Kaspersky warn about a new threat targeting mobile users in the form of credit-stealing trojans. The malicious applications initiate unauthorized requests to transfer credit from one phone to another.

Credit transferring allows one mobile subscriber to transfer funds to another number. The service is offered by many mobile phone operators around the world, but it is particularly popular in under-developed countries. “This is useful when you need to communicate with someone who does not have enough money in their account,” the Kaspersky analysts explain.

Because it is a common practice, operators in such countries aim to simplify the process through which credit is transferred between their customers. Such is the case in Indonesia, where a mobile phone service provider requires only a simple SMS to be sent to a 151 number in order to move credit from one account to another.

“Malware writers in Indonesia appreciated this chance to make some money,” the Kaspersky researchers note. “We found 5 new Trojans over the past week, which send such money transfer requests to 151 – without the permission or knowledge of the phone’s owner,” they warn on the company's Analyst's Diary blog.

The trojans, which are programmed in Python and run on the Symbian OS, are detected by Kaspersky Mobile Security as Trojan-SMS.Python.Flocker.ab, Trojan-SMS.Python.Flocker.ac, Trojan-SMS.Python.Flocker.ad, Trojan-SMS.Python.Flocker.ae, and Trojan-SMS.Python.Flocker.af.

One interesting aspect of this rather new form of malware attack is the attackers' effort to go undetected by transferring only small sums of money, varying between $0.45 and $0.90. “Obviously, the goal is to transfer large quantities of small sums in the hopes that, while individual users might not notice the leak, the overall sum of transfers will be significant,” the analysts explain.

Even though the incident is currently limited to a specific country, it has the potential to spread, with other malware writers picking up on the idea. “We have seen many attacks in Russia based on un-sanctioned sms/text messages to steal money. We were certain that the problem would spread – and it has,” Denis Maslennikov, malware analyst at Kaspersky, writes. “We will continue to monitor the situation and keep you posted,” he concludes.

Another mobile trojan, which circulated in China during March 2008, held phones for ransom. The malware locked down devices and displayed a message on their screens that instructed the owners to transfer $7 to a specified account through a recharge card in order to regain control of their phones.