Mobile phone users held to ransom by malware

By Isabelle Chaize

A code called Kiazha.A is currently targeting Symbian mobile phones in China. Unlike most malwares which aim to make the headlines and create a name for the author, this one is profit-driven.

It works by removing all sent and received text messages, and unless users pay about $7 it threatens to disable the handset permanently. The malware automatically sets up an account with QQ, a Chinese instant messaging and virtual currency system, through which owners of infected phones are requested to make their payment.

The malicious code also forwards all texts sent by the user to the malware creator, and charges the user for doing so.

Kiazha.A forms part of a larger malware payload called Symbos/Multidropper.cr. However unlike normal multi-droppers which are compiled by people who are not programmers but are simply collecting the work of others, ‘with MultiDropper.CR it appears that the author, with a lot of effort and testing, put together various malware-like pieces from a toolkit’ said Jimmy Shah, a McAfee Avert Labs engineer.

The WinCE/InfoJack malicious code, which steals information and leaves handsets vulnerable to further infections, attacked Windows Mobile handsets in China last week, making the Kiazha.A code the second major threar to Chinese mobile phone users in a few days.