The U.S. Computer Emergency Readiness Team has raised an alert for an in-the-wild malware attack against Microsoft Windows CE powered mobile devices.
According to the US-CERT warning, the Trojan horse program is capable of disabling Windows Mobile application installation security.
The Trojan, dubbed WinCE/InfoJack by anti-virus vendor McAfee, has been programmed to hijack the infected device’s serial number, operating system and other information and upload it to a Web site controlled by the attacker.
“It also leaves the infected mobile device vulnerable by allowing silent installation of malware. The Trojan modifies the infected device’s security setting to allow unsigned applications to be installed without a warning,” McAfee said in a post on its Avert Labs blog.
The Trojan was packed inside a number of legitimate installation files and distributed widely. It has been distributed with Google Maps, applications for stock trading, and a collection of games, McAfee said.
Here are some characteristics of the Trojan:
- Spreads via seemingly legitimate application installation files
- Installs as an autorun program on the memory card
- Installs itself to the device when an infected memory card is inserted
- Protects itself from deletion by copying itself back to disk
- Replaces the browser’s homepage
- Allows unsigned applications to install without warning
McAfee researcher Jimmy Shah said the ability to allow silent installations of unsigned applications can be used by the Trojan to auto update itself and open a backdoor on the mobile device for future malware installations.
The Web site associated with the Trojan is no longer accessible due in part to an investigation by law enforcement officials, Shah said.
The Trojan was first discovered in the wild in China.
The US-CERT is encouraging Windows CE users to install and run updated anti-virus software on mobile devices and use caution when downloading and installing applications.