McAfee: Trojan targets Windows Mobile

McAfee: Trojan targets Windows Mobile

Summary: McAfee has unearthed a Windows Mobile PocketPC Trojan that disables security, installs via a memory card, can't be uninstalled and makes itself your home page.According McAfee's Avert Labs blog, the Trojan has been discovered in China.


McAfee has unearthed a Windows Mobile PocketPC Trojan that disables security, installs via a memory card, can't be uninstalled and makes itself your home page.

According McAfee's Avert Labs blog, the Trojan has been discovered in China. Here's how it works according to researcher Jimmy Shah:

WinCE/InfoJack sends the infected device's serial number, operating system and other information to the author of the Trojan. It also leaves the infected mobile device vulnerable by allowing silent installation of malware. The Trojan modifies the infected device's security setting to allow unsigned applications to be installed without a warning.

The Trojan was packed inside a number of legitimate installation files and distributed widely. It has been distributed with Google Maps, applications for stock trading, and a collection of games.

Considering the penetration of mobile devices in Asia this malware could raise quite a ruckus.

Shah reckons that WinCE/InfoJack was created by a web site that may have hired a hacker to create the malware and then distribute it. The Trojan installs as an autorun program on the memory card, installs itself when that memory card is inserted and can't be deleted. It also becomes your home page.

Update: US CERT also has a warning.

Topics: Mobile OS, Malware, Mobility, Security, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Great

    Now in addition to the millions of zombie desktop PC we will have another several thousand zombie handhelds.
    Way to go M$!!!
    • Thank goodness Apple is coming out with its SDK

      Now you iPhonatics just may have the pleasure of malware writers having access to your cell phone as well.

      Oh, wait, that's right, Macs and their ilk are bulletproof. ;)

      Time will tell and marketshare DOES matter.
      Confused by religion
      • Right...

        9u0Now you iPhonatics just may have the pleasure of malware writers having access
        to your cell phone as well[/u]

        Or not. It might well be bulletproof, especially if applications have to install through
        iTunes and require registration.

        We shall see, I suppose. This is why the SDK is taking so long, to make it as
        bulletproof as possible.
        • Hard to believe.

          Most articles revolving around economics put presentation over protection. Cheap cheap cheap.
      • Not if the security's worth two pfennigs.

        Can install from an autorun and alter security settings? Where's the security? Where's the basic, entry level, password protection? Why not just hand them the front door keys and... oh, they did.

        Apparently it runs on the security model of Windows 95.
    • Too bad iPhone was hit with malware before WM

      iPhone, out for less than a year, gets hit with a [url=] Trojan [/url] before WM that has been out for many years. It would appear that Apple takes the cake for lousy security models!! :)
      • Link

        • You must be reading this on an infected iPhone

          Every other browser known to mankind would have rendered the word Trojan in my post as a clickable link. Get yourself a real browser on a real device and maybe you too could have followed it. :)
      • False
        • Sorry, that one doesn't count

          It states VERY clearly in the article that this is a proof-of-concept so using Apple logic, it doesn't count. After all, that was the defense used by Apple dudes every time a live, working, proof-of-concept piece of malware was released against OS X.

          Also, this one doesn't count because it ASKS the user it they want to be infected:
          [i]First, when executed, the virus asks the user if it's allowed to spread.[/i]

          So again, using Apple logic, it doesn't count. Hey, I'm only using the same arguments you guys do! :) :) :)
    • Well, it IS Windoze - from MicroShaft!

      What did you expect?



      A pleasant user experience?
  • sad, MS is vector for more malware

  • takes the biscuit

    along with your other posting on CAPTCHAs.

    I guess we need signed, maker-validated installs. I am sure the Chinese are as capable of knowing who their safe producers are as anyone, and of making vetting organisations that self-serve for legitimatising shareware to keep that resource open as well.

    Narr vi
  • More proof that Windows no matter what its shape or form

    Is a piece of garbage.

    Thank goodness for Iphone and the upcoming Google phone. Think Microsoft will provide a patch or update to stop this?

    • What about the link above?

      The one NonZealot provided about the one found on the iPhone? It installs pretty much the same way. Does that count
  • Windows Mobile Protection

    I'll have to read up on how to protect the phone; is there a Windows Mobile AntiVirus?
    • Tons, just Google it (NT)

  • Anyone surprised?

    This has been threatened for years and finally, ta-da!!! here it

    Everyone knew that WM was a security sieve brought to you by
    the same folks who brought you such other failures as Xbox,
    Vista, Zune, Spot, etc.

    Now, all the ZDShills like Ou and his ilk will propose a
    thousand excuses for why the worst and least ethical company
    in the world could not provide mobile devices that are not an
    open invitation for trouble.

    Yup, the iPhone is starting to look better each day with its
    locked down security.

    Is the following not a wonderful story of how good triumphs
    over MSFTevil?

    Oh well, a billion here; a billion there...:

    EU May Give Size Of Microsoft Fine
    By a WALL STREET JOURNAL Staff Reporter
    February 27, 2008; Page B2
    BRUSSELS -- The European Union is expected, as early as
    today, to detail the size of a massive fine against Microsoft
    Corp. for failing to comply with a 2004 antitrust decision,
    according to a person familiar with the matter.

    The figure could be as much as ???1.5 billion ($2.22 billion),
    which is three times the ???497 million that was assessed in
    2004, and an EU record. The fine would be in addition to
    ???280.5 million already levied for noncompliance.

    The 2004 decision ordered Microsoft to turn over technical
    documentation it was charged with illegally keeping from rivals.
    But in late 2005, the EU said it wasn't satisfied with what
    Microsoft had produced and threatened a fine of up to ???2
    million per day. That was later raised to ???3 million.

    The EU stopped the clock on the daily fines last October, after
    Microsoft agreed to license the technical information. But the
    EU hasn't yet totaled up how much it will assess, and the final
    amount isn't clear. If Microsoft is given the maximum, it works
    out to ???1.5 billion.
    Jeremy W
    • Nope

      No, I'm not surprised at all that you've posted yet another ABM trolling and included a lot of off-topic garbage at the end of it.
      Hallowed are the Ori
    • EU Paves the way

      The EU will pave the way to allow the open source develoers to write more effective malware to try and convince us that we need to use their software, thereby us allowing them complete and unfettered access to our systems and our files so that they may suck all the money out of our accounts. No Thanks, Microsoft should tell the EU to go suck on a rotten egg.