McAfee's Avert Labs division is warning users about one of the first "Trojan horse" viruses to afflict Windows Mobile. Dubbed WinCE/Infojack, it allows silent installation of malware, and sends information about an infected device to the Trojan's author, according to the company.
In a posting on the Avert Labs blog, mobile antivirus researcher Jimmy Shah writes that WinCE/Infojack was created by a unnamed Chinese website. It was packed inside legitimate installation files and distributed with Google Maps, applications for stock trading, and the collection of games seen below, according to Shah.
WinCE/Infojack installs itself like other Windows Mobile applications, though without announcing what it is doing (above right). Once installed, it has a number of features that show its malicious intent, as listed by Shah:
- Protecting itself from deletion and copying itself back to disk
- Replacing Internet Explorer's home page
- Allowing unsigned applications to install without warning
- Installing as an Autorun program on a memory card, if available
- Installing itself on subsequent devices into which that infected memory card is inserted
The Trojan sends the infected device's serial number, operating system, and other information to the author of the trojan. It also modifies the infected device's security setting to allow unsigned applications to be installed without a warning, says Shah.
Further information: Avert Labs provided no information on whether detection of WinCE/Infojack would be added to antivirus software for Windows Mobile. However, the website that distributed WinCE/Infojack is no longer online, "due in part to an investigation by local law enforcement," Shah writes.
Microsoft, Windows Mobile, Windows Mobile Phone, Windows Mobile Device, Trojan, Trijan Horse, Malware, WinCE/Infojack