F-Secure detect Windows Mobile Trojan – InfoJack!

F-Secure Security Laboratory has spotted new Window Mobile Trojan – InfoJack, detected as Trojan: WinCE/InfoJack . This is a new kind of worm for mobile devices. According to F-Secure, there have long been malicious downloaders on PCs, but this is the first to be discovered for mobile devices.

InfoJack is a trojan effecting Windows Mobile devices that leaks information from the device to a home server when the device connects to the Internet. As a part of its activity, InfoJack alters the security settings on the device. This causes all software installations to complete without any warning of possible safety precautions.
Trojan:WinCE/InfoJack is a multiple part malware.

The first part is attached to many (.cab) installation files containing legitimate software such as games, mapping software, et cetera. InfoJack pretends to be an additional setup program. Once InfoJack has infected the device it waits for the device to make an Internet connection. When the device is connected, InfoJack connects to its home server and downloads additional parts for its functionality. While doing so, leaks information from the device to the server. As a component of its functionality, InfoJack changes the security settings on the device to allow all software installations to complete without any warnings.

InfoJack.A was discovered in February 2008.

On the device InfoJack.A installs following files:

* \windows\mservice.exe
* \windows\setup.cfg

Initial analysis indicates that InfoJack A attempts to download a zip file which contains at least the following:

* \windows\mservice2.exe
*

Just for your reference the InfoJack looks like

For more information, please contact:

Rupali Ghadge

CMCG India

Direct: 022-24450991

Mobile: 9920814835

Email: rupali.ghadge {at} cmcgindia(.)com

Hazel Hassan

F-Secure Corporation

Direct:+60322640366
Mobile:+60172724611
Email:hazlina.puspa.hassan {at} f-secure(.)com