A good deal of this year’s mobile malware was developed in China. And Chinese mobile malware tends to include stuff such as backdoors, password stealers and spy tools.
Knowing that Chinese malware likes to spy, we’ve been keeping an eye out for various functions, such as photo scraping. Stealing photos from a phone could be used for harassment and blackmailing.
We didn’t have to look for long. A member our Threat Response team just found something interesting in a Symbian malware sample.
Here are our analyst’s notes:
The code of Trojan:SymbOS/Spinilog.A (md5: b346043b4efb1e9834a87dce44d6d433) includes a class named CMyCameraEngine which inherits and implements the Symbian class MCameraObserver. This enables the trojan to receive control when an image has been captured with the camera. Spinilog.A then encodes the raw bitmap to a JPG, which it saves to the phone’s memory. This feature seems to still be unused and possibly incomplete as the constructor of the CMyCameraEngine class is not called in the code. Other data stolen by the trojan is more traditional such as the content and details of SMS and e-mail messages, phone call details and calendar and contact information.
So while this particular backdoor won’t yet steal your photos, it’s clear which direction we’re headed to.
Leave a reply