A Windows Mobile PocketPC Trojan that disables security, installs via a memory card, can't be uninstalled and makes itself your home page has been detected by both McAfee & US-CERT. Here's how it works according to researcher Jimmy Shah: WinCE/Info Jack sends the infected device's serial number, operating system and other information to the author of the Trojan. It also leaves the infected mobile device vulnerable by allowing silent installation of malware. The Trojan modifies the infected device's security setting to allow unsigned applications to be installed without a warning. The Trojan was packed inside a number of legitimate installation files and distributed widely. It has been distributed with Google Maps, applications for stock trading, and a collection of games.


The Trojan may take any or all of the following actions on the mobile device:

Spreads via seemingly legitimate application installation files

Installs as an autorun program on the memory card

Installs itself to the device when an infected memory card is inserted

Protects itself from deletion by copying itself back to disk

Replaces the browser's homepage

Allows unsigned applications to install without warning


Users are encourage to take the following preventative measures to help mitigate the security risks:

Install anti-virus software on the mobile device, and keep its virus signature files up-to-date.

Use caution when downloading and installing applications.

1 Comment:

  1. Unknown said...

Post a Comment