The Latest in IT Security

Trojan:Java/SmsSy.A targeting devices with Java midlet installed

24 Apr 2012

An SMS-sending Trojan, which targets mobile devices with Java midlet installed, has been circulating in Malaysia. Some victims reported receiving an SMS message that appears to be an update from Samsung.

[Image: a message that appears to be an update from Samsung]

But upon clicking the link, they are redirected to another link (http://mmgbu[…].com:90/[…].jar) that leads to a JAR file. This JAR file carries the details the malware needs to send SMS messages to multiple short numbers.

Upon execution, the Trojan sends three SMS messages (most likely to premium numbers) without the user's consent. The contents and recipient numbers are as follows:
– “On GB” to 39914
– “On DF” to 39914
– “On HB” to 33499

Then, it shows a title of “HOT WEB DL” and images of ladies, which are grouped into five selections: DANCE CLUB, BEACH GIRLS, FUNNY VIDEO, GT MODEL, and HOT CAM. Once an option is selected, it sends out SMS messages containing the string “On (content)” to (number), where the contents could be:
– HB
– MODEL
– LY
– AV
– GA

These messages are later sent out to the following numbers:
– 33499
– 33499
– 36660
– 36660
– 36989

[Image: a file containing the details on message contents and recipient numbers]

[Image: images used by SmsSy.A]

An analysis of another sample of the same Trojan revealed that it was assigned a different set of contents and recipient numbers:

[Image: another sample of SmsSy.A, assigned a different set of contents and numbers]

[Image: a different set of images used by SmsSy.A]

We have properly rated the offending URL, and published the detection as Trojan:Java/SmsSy.A.
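A triage sketch for the manifest-carried configuration described above, added here as an example and not the original authors' code: it reads a MIDlet JAR's manifest, lists any SMS-sending permissions it requests, and flags attribute values that look like short numbers. The `SMS-*` attribute names and the sample manifest are constructed assumptions, since the real sample's attribute names are not shown on this page.

```python
import io
import re
import zipfile

# MIDP 2.0 permission names that let a MIDlet send SMS.
SMS_PERMISSIONS = {"javax.microedition.io.Connector.sms",
                   "javax.wireless.messaging.sms.send"}
SHORT_CODE = re.compile(r"^\d{4,6}$")  # heuristic for SMS short numbers


def parse_manifest(text):
    """Parse JAR manifest text into a dict, joining continuation lines."""
    attrs, key = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and key:  # continuation of previous value
            attrs[key] += line[1:]
        elif ":" in line:
            key, _, value = line.partition(":")
            key = key.strip()
            attrs[key] = value.strip()
    return attrs


def triage_jar(jar_bytes):
    """Report SMS permissions and short-code values in a MIDlet JAR manifest."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        raw = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    attrs = parse_manifest(raw)
    requested = set()
    for field in ("MIDlet-Permissions", "MIDlet-Permissions-Opt"):
        requested |= {p.strip() for p in attrs.get(field, "").split(",")}
    short_codes = {k: v for k, v in attrs.items() if SHORT_CODE.match(v)}
    return {"sms_permissions": sorted(requested & SMS_PERMISSIONS),
            "short_codes": short_codes}


def build_sample_jar():
    """Constructed sample; the SMS-* attribute names are hypothetical."""
    manifest = ("Manifest-Version: 1.0\r\n"
                "MIDlet-Name: Sample\r\n"
                "MIDlet-Permissions: javax.microedition.io.Connector.sms,\r\n"
                "  javax.wireless.messaging.sms.send\r\n"
                "SMS-Number-1: 39914\r\nSMS-Text-1: On GB\r\n"
                "SMS-Number-2: 33499\r\nSMS-Text-2: On HB\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
    return buf.getvalue()
```

A manifest that declares no SMS permission is not thereby clean, so the short-code hits are reported independently of the permission check.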

SHA-1: 75a91ac99cb5bc2a755d452393d29fa66a323c3f
SHA-1: bca72058af2a7ddb9577ecb9a61394a31aea5767

Blog post by – Jordan and Rauf
