Phone Trojan 'has botnet features'
![tom-espiner.jpg](https://www.zdnet.com/a/img/resize/67310ee8f7e1f78d688a1d30b97fcd110e981c3a/2014/07/22/041da4a6-1175-11e4-9732-00505685119a/tom-espiner.jpg?auto=webp&fit=crop&frame=1&height=192&width=192)
The Symbian Trojan, which Trend Micro detects as SYMBOS_YXES.B, poses as a legitimate application called ACSServer.exe and calls itself 'Sexy Space'. It steals the user's subscriber, phone and network information, and connects to a website to send that information back to a hacker. It can also target the victim's contacts with spam SMS messages, and pull the content in those messages from the malicious website.
"In short, it appears to be a botnet for mobile phones," wrote Jonathan Leopando of the Trend Micro technical communications team in a blog post on Wednesday.
However, the malware itself is classified as low risk, with a low distribution potential, according to a Trend Micro analysis.
Leopando added that there may be a problem with digital signing by the Symbian Foundation. Digital signatures, which are cryptographic security features, are designed to provide a level of certainty that a message or piece of software actually comes from the organisation it appears to have come from.
However, Leopando wrote in the blog post that SYMBOS_YXES.B was similar to another phone malware that Trend Micro detects as SYMBOS_YXES.A, and that both pieces of malware had been signed by Symbian Foundation.
"The signing process — undertaken by the Symbian Foundation itself — is supposed to ferret out instances like this, but somehow this slipped through," wrote Leopando. "It may well be a coincidence, but it does not reinforce confidence in the signing system."
The Symbian Foundation had not responded to a request for comment at the time of writing.
This article was originally posted on ZDNet UK.