
Trojan:Java/Swapi.H


First posted on 26 October 2011.
Source: SecurityHome

Aliases:

Trojan:Java/Swapi.H is also known as JS/Agent.3235 (Avira), Java.Trojan.SMSSend.G (BitDefender), Java.SMSSend.4 (Dr.Web), J2ME/TrojanSMS.Swapi.AC (ESET), Trojan-SMS.J2ME.Swapi.k (Kaspersky), JS/Downloader-Class.b (McAfee), Mal/Swapi-A (Sophos), TROJ_SWAPI.E (Trend Micro).

Explanation:

Trojan:Java/Swapi.H is a trojan that affects mobile devices that support Java Platform, Micro Edition (Java ME). It may arrive as a .JAR installer file named 'reg.jar'.


On execution, it may attempt to send SMS messages continuously to a premium number. The numbers and their corresponding messages are hard-coded in a text file named 'inf', which is included in the installer package; the trojan reads this list to send the messages.

Below are some of the numbers the malware sends messages to:

  • 3649
  • 1171
  • 7122


Below are some examples of the messages it sends to these premium numbers:

  • "xsosun"
  • "vvapka"
  • "xewap"
  • "cwm4ik"
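
The indicators above can be checked statically, without running the installer. The following triage sketch is an added example, not part of the original analysis: it looks inside a JAR for an entry named 'inf' and for the listed numbers and messages. The function names are hypothetical, the layout of 'inf' is not documented on this page (so the code matches whole tokens only), and the SMS permission string is an assumption about how such a MIDlet would declare itself.

```python
import io
import re
import zipfile

# Indicators quoted in the description above.
INF_ENTRY = "inf"
SHORT_CODES = {"3649", "1171", "7122"}
SMS_TEXTS = {"xsosun", "vvapka", "xewap", "cwm4ik"}
# Assumption (not from the page): the Java ME permission a MIDlet requests to send SMS.
SMS_PERMISSION = "javax.wireless.messaging.sms.send"
MAX_ENTRY_BYTES = 64 * 1024  # refuse to inflate oversized entries


def triage_jar(data: bytes) -> dict:
    """Return which of the page's indicators appear in a JAR given as bytes."""
    found = {"has_inf": False, "short_codes": set(), "sms_texts": set(),
             "requests_sms": False}
    try:
        jar = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return found  # not a ZIP/JAR archive: nothing to report
    with jar:
        for info in jar.infolist():
            if info.file_size > MAX_ENTRY_BYTES:
                continue
            if info.filename.rsplit("/", 1)[-1] == INF_ENTRY:
                found["has_inf"] = True
                text = jar.read(info).decode("utf-8", errors="replace")
                # The layout of 'inf' is not documented, so match whole tokens only.
                tokens = set(re.split(r"[^0-9A-Za-z]+", text))
                found["short_codes"] |= SHORT_CODES & tokens
                found["sms_texts"] |= SMS_TEXTS & tokens
            elif info.filename.upper() == "META-INF/MANIFEST.MF":
                manifest = jar.read(info).decode("utf-8", errors="replace")
                unfolded = re.sub(r"\r?\n ", "", manifest)  # join wrapped lines
                found["requests_sms"] = SMS_PERMISSION in unfolded
    return found


def is_suspect(found: dict) -> bool:
    # Flag only when 'inf' is present together with a listed number or message.
    return found["has_inf"] and bool(found["short_codes"] or found["sms_texts"])


def build_jar(entries: dict) -> bytes:  # helper for constructed sample archives
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, text in entries.items():
            jar.writestr(name, text)
    return buf.getvalue()
```

A file named 'inf' alone is a weak signal; the check treats a JAR as suspect only when that entry also contains one of the listed numbers or messages.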




Analysis by Marianne Mallen

Last update 26 October 2011
