Trojan:SymbOS/Cardtrap.AA
First posted on 21 June 2010.
Source: SecurityHome
Aliases :
There are no other names known for Trojan:SymbOS/Cardtrap.AA.
Explanation :
Also known as a trojan horse program, this is a deceptive program that performs additional actions without the user's knowledge or permission. It does not replicate.
Additional Details
Trojan:SymbOS/Cardtrap.AA attempts to disable key system applications and third party products by installing several damaged files to the phone memory.
The trojan is distributed in a malicious SIS file with the name 'The Two Thrones-GAMELOFT.sis'. It is also able to install a worm on the phone's Multimedia Card (MMC).
F-Secure Mobile Anti-Virus is capable of detecting Cardtrap.AA with generic detection, so if the phone has a functional Anti-Virus installed, Cardtrap.AA is blocked before it can be installed.
Execution
On execution, Cardtrap.AA installs files from the following Symbian malware:
• SymbOS/Skulls.A
• SymbOS/Blankfont.A
and tries to disable the following system applications:
• Application installer
• Application manager
• Browser
• File manager
• Bluetooth manager
The trojan also drops the following malware to the device's C: drive:
• Trojan.BAT.KillAV.cg
• Trojan-Dropper.Win32.QuickBatch.e
Payload
Cardtrap.AA installs the following Windows malware to the phone's MMC card:
• Email-Worm.BAT.BWG.d
The worm is installed with a filename, icon and shortcut link that try to fool the user into clicking them.
Detection
F-Secure Mobile Anti-Virus for Symbian detects this malware starting from the update build number 45.
Last update 21 June 2010