Mobile Users – Ransomware Trojan Victims

Symbian Series 60 owners in China are facing a rather disturbing problem right now, that of the Kiazha-A Trojan, that holds the phone for ransom, according to reports from McAfee. It is a component of a sophisticated mobile malware bundle, dubbed MultiDropper-CR, that infects other devices via Bluetooth or corrupted MMS messages.

The message owners of the S60 are greeted with
a message that is roughly translated as "Warning: Your device has been affected, please prepare a recharge card of RMB 50 yuan and connect QQ account [specified in the original message but removed by the security company in the report], or your phone will be paralysed!!!" The sum of money isn’t big, converted into US dollars it would cost $7 to regain control of the phone.

The QQ mentioned is an instant messaging network very popular in China, used time and time again for password stealing Trojans over the last months because it supports its own currency, called QQ coins.

McAfee anti-virus analyst Jimmy Shah describes the whole process going on with the infection: "MultiDropper-CR uses malicious payloads (Beselo, Commwarrior) to convince the user their phone is infected. It also sets up SMS forwarding (SmsSend-G) to collect information and potentially passwords. In case the victim doesn’t have a QQ account the malware will order (SmsSend-F) one for them. After all that, Kiazha-A deletes SMS messages to cover its tracks and displays the offer to fix the user’s phone for a small fee." The scheme is devilishly well thought of, and difficult to track back following the malware’s components because "It appears that the author, with a lot of effort and testing, put together various malware like pieces from a toolkit." That method of going back to its roots via specific coding is thus removed entirely.

Everybody hates this kind of messages from Trojans
Comments: Everybody hates this kind of messages from Trojans

Strangely enough for mobile phone malware, it looks like the author worked so hard on getting all of the pieces to work together for a profit, and not to increase his notoriety, as per usual.

[Source: softpedia]

0 comments