The firm discovered a variation of MultiDropper.CG, a familiar PoC malware, containing SymbOS/Mobispy, a Symbian-based trojan targeting Nokia Series 60 devices.
The trojan's author did not create the malware from scratch, according to an Avert Labs blog post by Jimmy Shah. Instead, the malicious user built Flexispy into the malware-dropper.
The malware installs on a mobile phone, recording all incoming and outgoing SMS messages and phone numbers. It then bounces that information back to an account on a central server.
Malware and spyware both targeting mobile devices is worrisome, said Shah.
"Considering that data-stealing and other for-profit malware have made their entrance on mobile phones, it is worrisome to see spyware make its debut. Around eight months ago, a commercial remote phone monitoring application was released.
There was much speculation on how much time it would take for malware authors to integrate it into their own malware," he said. "We have seen malware authors create custom prototype code to implement new attacks, but it is interesting to see them purchase commercial spyware to do their job for them."
Click here to email Frank Washkuch Jr.
Avert Labs snags PoC mobile spyware
By
Frank Washkuch
on
Dec 12, 2006 6:38AM
Researchers from McAfee Avert Labs claim to have discovered proof of concept (PoC) spyware for mobile devices.
Got a news tip for our journalists? Share it with us anonymously here.
Sponsored Whitepapers
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future

Video: Watch Juniper talk about its Aston Martin partnership
Don’t pay the ransom: A three-step guide to ransomware protection