NEWS FROM THE LAB - Wednesday, March 29, 2006

First Trojan Spy for Symbian Phones Posted by Jarno @ 16:19 GMT


Today we heard of a rather interesting new Symbian malware application named Flexispy.A. It's a Symbian trojan spy that records information about the victim's phone calls and SMS messages, then sends them to a remote server.

What makes this interesting is that Flexispy.A is a trojan spy written by a company for commercial reasons. The company claims that it's a useful tool for catching a cheating spouse. By installing the application on the phone they can monitor to whom the victim is calling and what SMS messages he or she is sending. The company even claims that Flexispy is not a trojan.

However, this application installs itself without any kind of indication as to what it is. And when it is installed on the phone it completely hides itself from the user. So the application could easily be used by malware installing it as part of its payload, or a hacker could simply send it to a victim over Bluetooth and trust that there are enough curious people to install it.

Not to mention the fact that spying on people's private communication is illegal in most countries around the world. And the fact that all of the information is stored on the FlexiSpy servers, puts the company in a rather interesting light.

So yes, FlexiSpy is indeed a trojan and we have added the detection to our F-Secure Mobile Anti-Virus so that any user who has a phone that has been infected with this trojan will get a warning that someone is spying on them.