Eavesdropping Trojan hits 150,000 Symbian phones in China

Symbian is a perennial mobile malware target, but other mobile OSes could become targets soon

More than 150,000 Symbian-based mobile phones in China have been infected with spyware called Xwodi, according to mobile security company NetQin. A variant of existing spyware called Spy.Felixspy, Xwodi stealthily activates a phone's conference call feature when a call is made, enabling a third party to secretly eavesdrop on conversations.

NetQin reports that the spyware is capable of remotely activating a phone's speaker to secretly monitor nearby sounds. Furthermore, it can steal incoming text and email messages.

Mobile spyware like Xwodi generally propagate in one of two ways: It comes packaged in seemingly innocent third-party apps, or it spreads via an SMS-based phishing attack through which a user is duped into clicking a Web link that causes him or her to unknowingly download the malicious code.

On their own, the spyware's capabilities are fairly troubling: Reports weren't specific as to where intercepted calls were going, but there's no doubt all sorts of valuable private data that can be swiped via phone conversations, from financial information to business secrets.

Even more concerning, however, is the number of phones purportedly infected by Xwodi. InfoWorld Security Adviser blogger Roger Grimes said, "A few thousand would be startling, so more than 100,000 is almost unbelievable."

Mobile malware is gaining momentum Stateside, however, and China has been using cell phones for some 10 years longer than the United States, so there's more mobile malware to be found.

Indeed, China has made news of late as being home to other widespread malware. Earlier this month, for example, F-Secure reported that a Trojan called ADRD was spreading on Android phones in China. Found in several third-party applications, the Trojan acts as a bandwidth vampire; directed by a remote host, it runs random searches in the background, using up bandwidth in the process.

In addition to tweaking user permissions to enable the aforementioned searches, ADRD can steal such data as contents of the SD card and the phone's identifiers.

Symbian devices have been attacked in other countries through spyware; Spanish phones were hacked last fall, for example, to steal users' banking information. Nokia's Symbian has been a target for years of such attacks, and security vendors warn that other mobile devices will be targeted as they grow in popularity. Today, smartphones are safer computing environments than PCs, but that could change: Already, there've been a rash of malware masquerading as legitimate apps in the Android Market.

This story, "Eavesdropping Trojan hits 150,000 Symbian phones in China," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow InfoWorld.com on Twitter.

Copyright © 2011 IDG Communications, Inc.

How to choose a low-code development platform