
Trojan:SymbOS/Cardtrap.AA


First posted on 21 June 2010.
Source: SecurityHome

Aliases :

There are no other names known for Trojan:SymbOS/Cardtrap.AA.

Explanation :

Also known as a trojan horse program, this is a deceptive program that performs additional actions without the user's knowledge or permission. It does not replicate.

Additional Details

Trojan:SymbOS/Cardtrap.AA attempts to disable key system applications and third-party products by installing several damaged files to the phone memory.
The trojan is distributed in a malicious SIS file with the name 'The Two Thrones-GAMELOFT.sis'. It is also able to install a worm on the phone's Multimedia Card (MMC).
F-Secure Mobile Anti-Virus is capable of detecting Cardtrap.AA with generic detection, so if the phone has a functional Anti-Virus installed, Cardtrap.AA is blocked before it can be installed.

Execution

On execution, Cardtrap.AA installs files from the following Symbian malware:
• SymbOS/Skulls.A
• SymbOS/Blankfont.A

and tries to disable the following system applications:
• Application installer
• Application manager
• Browser
• File manager
• Bluetooth manager

The trojan also drops the following malware to the device's C: drive:
• Trojan.BAT.KillAV.cg
• Trojan-Dropper.Win32.QuickBatch.e

Payload

Cardtrap.AA installs the following Windows malware to the phone MMC card:
• Email-Worm.BAT.BWG.d

The worm is installed with a filename, icon and shortcut link that try to fool the user into clicking them.

Detection

F-Secure Mobile Anti-Virus for Symbian detects this malware starting from the update build number 45.

Last update 21 June 2010

 
