Researchers at F-Secure have uncovered a new Trojan threat aimed at users of Symbian smart phones.
And while a majority of the mobile device attacks discovered by the company (and others) over the years have fallen into the same category – malware variants written specifically to assail the Symbian OS, which is not widely used in the U.S. – the experts noted that the Trojan:SymbOS/Yxe.A aka “Sexy View” threat is interesting in that it is one of the first campaigns launched against Symbian’s newest handheld OS.
The Trojan, believed to have originated out of China, targets Symbian S60 3rd Edition phones, F-Secure said, and bears a very unique additional trait… it appears to be a legitimate, signed application.
“This is something we don’t see very often. There are spy tools and other privacy threats directed at S60 3rd Edition phones, but malware is still mainly an issue on S60 2nd Edition phones,” the company said in an advisory. “S60 3rd Edition uses a different binary structure than 2nd Edition, and then all 3rd Edition applications must be signed. What’s special about Yxe is that all evidence suggests it uses a valid Symbian Certificate.”
Being a signed application, the attack can gain privileged access, making its potential impact far more serious, the experts said.
One of the biggest roadblocks of mobile malware proliferation thus far has been the use of applications signing by device makers and service providers to prevent unapproved programs from being dropped onto users’ handhelds.
The attack has acquired the “Sexy View” and “Play Boy” nicknames based on the fact that the malware campaign is disguised as downloadable adult content.
To avoid infection, F-Secure recommended that S60 phone owners maintain a current list of valid security certificates, changing their application manager settings to require the electronic endorsements. At least three different variants of the attack have already been discovered, and the threats cannot infect older Symbian devices.
Once again, Symbian smart phone attacks are nothing new in the existing, relatively narrow library of reported mobile malware threats. However, as F-Secure points out, the emergence of “Sexy View” highlights the fact that the latest version of the OS is vulnerable, and that attackers are already focusing their efforts on exploiting it.
Mobile malware development may be evolving slowly, but, it is coming along with quiet consistency.
Stay tuned.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.