Money-stealing mobile trojan surfaces in China

Security researchers from McAfee have identified a trojan that attempts to extort money from owners of Symbian-based smartphones in China.

After being downloaded onto the user's smartphone, the malicious software, which McAfee has dubbed Kiazha.A, deletes any SMS messages and threatens to shut the phone down unless the user sends 50 yuan (about $7) to the malware author. The trojan asks the user to pay via QQ coins, a virtual currency used in the popular Chinese QQ instant messaging network, David Marcus, the security research and communications manager at McAfee's Avert Labs, told SCMagazineUS.com on Wednesday.

Kiazha.A is part of a "malware cocktail" called MultiDropper.CR, according to McAfee. The various components create a bundle that tries to persuade the user to install the package, sets up SMS forwarding to collect information, creates a QQ account, in case the victim doesn't have one, and then deletes SMS messages to cover its tracks. It then displays an offer to fix the user's phone for a small fee.

The alert message displayed on the phone reads, "Warning: Your device has been affected, please prepare a recharge card of RMB 50 yuan and connect QQ [ID removed] account or your phone will be paralyzed!!!"

"With MultiDropper.CR, it appears that the author, with a lot of effort and testing, put together various malware-like pieces from a toolkit," Jimmy Shah, an engineer at McAfee Avert Labs, said. "The author may have put in all this work to make a profit rather than increase his notoriety."