McAfee has unearthed a Windows Mobile PocketPC Trojan that disables security, installs via a memory card, can’t be uninstalled and makes itself your home page.
According McAfee’s Avert Labs blog, the Trojan has been discovered in China. Here’s how it works according to researcher Jimmy Shah:
WinCE/InfoJack sends the infected device’s serial number, operating system and other information to the author of the Trojan. It also leaves the infected mobile device vulnerable by allowing silent installation of malware. The Trojan modifies the infected device’s security setting to allow unsigned applications to be installed without a warning.The Trojan was packed inside a number of legitimate installation files and distributed widely. It has been distributed with Google Maps, applications for stock trading, and a collection of games.
Considering the penetration of mobile devices in Asia this malware could raise quite a ruckus.
Shah reckons that WinCE/InfoJack was created by a web site that may have hired a hacker to create the malware and then distribute it. The Trojan installs as an autorun program on the memory card, installs itself when that memory card is inserted and can’t be deleted. It also becomes your home page.