
Mobile Game Bundled with Malware

Created: 09 Apr 2010 21:46:07 GMT • Updated: 23 Jan 2014 18:28:21 GMT

We have discovered a threat affecting the Windows Mobile platform that dials several high-cost international phone numbers. The threat is bundled within a .cab installation file that contains a legitimate game called “3D Anti-terrorist action” and a malicious dialer that we call Trojan.Terred.
 

While there is no smoking gun, we don’t believe that the makers of the game are bundling the threat, but rather one of the distributors. The threat itself is a binary created with the .NET Compact Framework and requires that framework to be installed on the device. It will therefore not run on any device that lacks the framework; however, the game will install without any problems either way.
 

Error running the threat if the framework is not installed.

The game successfully installs, in any case.

The threat attempts to call the following premium, international phone numbers:

  • +8823460777
  • +17675033611
  • +88213213214
  • +25240221601

These calls, of course, are charged to the user's phone account, and the money is transferred to the threat’s author. Symantec customers using Symantec antivirus products for Windows Mobile with the latest definitions are protected from this threat.
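
Because the calls are billed to the user's account, they also show up in call records. The following is an added example, not Symantec's code, that matches exported call records against the four numbers listed above regardless of how the number was written. The CSV layout, the device names, the sample rows and the handling of the "00" and "011" international prefixes are assumptions.

```python
import csv
import io
import re
from collections import Counter

# Numbers listed in the advisory, stored as bare digits (no "+").
TERRED_NUMBERS = {"8823460777", "17675033611", "88213213214", "25240221601"}

# Assumption: exports may write "+" as an international access prefix.
INTL_PREFIXES = ("011", "00")

# Constructed sample records; column names and device IDs are hypothetical.
SAMPLE_CDR = """\
timestamp,device,dialed,duration_s
2010-04-08T02:14:05,PDA-017,+882 346 0777,61
2010-04-08T02:16:40,PDA-017,00 252 4022 1601,58
2010-04-08T09:30:12,PDA-022,+44 20 7946 0000,240
2010-04-09T03:01:55,PDA-017,011-882-13213214,60
2010-04-09T11:45:00,PDA-031,1 (767) 503-3611,59
"""

def normalize(dialed):
    """Return the dialed string as bare international digits, or None if empty."""
    text = dialed.strip()
    digits = re.sub(r"\D", "", text)
    if not digits:
        return None
    if text.startswith("+"):
        return digits
    for prefix in INTL_PREFIXES:
        if digits.startswith(prefix):
            return digits[len(prefix):]
    return digits

def find_hits(cdr_text):
    """Return (timestamp, device, number) for every call to a listed number."""
    hits = []
    for row in csv.DictReader(io.StringIO(cdr_text)):
        number = normalize(row["dialed"])
        if number in TERRED_NUMBERS:
            hits.append((row["timestamp"], row["device"], "+" + number))
    return hits

def devices_to_triage(hits):
    """Count matching calls per device so the noisiest handset is checked first."""
    return dict(Counter(device for _, device, _ in hits))

if __name__ == "__main__":
    hits = find_hits(SAMPLE_CDR)
    for hit in hits:
        print(*hit)
    print(devices_to_triage(hits))
```

A device that appears in the result is a candidate for checking which .cab packages were recently installed on it.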