| Release Date | Jun 24, 2009 |
| Detection Availability | Current Antivirus Definition Database Version: 12.202 |

Description

Visible Symptoms

- The spyware connects to the Internet. Depending on your phone's subscription, this may lead to abnormally high phone bills.
- An application named STD is installed in Cydia, a typical third party installation tool for jailbroken iPhones.

Detailed Analysis

This spyware is the iPhone version of SymbOS/Trapsms.A!tr.spy. It spies on SMS messages received by or sent from the mobile phone it is installed on.
As with SymbOS/Trapsms.A!tr.spy, the typical attack scenario is:
- The attacker registers on the spyware's website.
- The attacker installs the spyware on the victim's iPhone.
- The victim uses his/her iPhone. All SMS messages received or sent are forwarded to the attacker's web account.
- The attacker spies on the victim.
- This spyware is installed on the victim's phone by the attacker.
- It requires the victim's phone to be jailbroken. The attacker must then download the spyware from SmsTrap's repository, and install it (using Cydia, for example).
Figure 1: Installation of the spyware using Cydia.
Figure 2: Spyware is installed on the iPhone.
- The attacker can configure the spyware not to show on the springboard (a very likely scenario).
Figure 3: The spyware is invisible.
- The spyware consists of:
  - a visible or invisible user interface (named SMSTrapUI): This interface is used by the attacker to configure the spyware. In particular, this is where he/she enters his/her web credentials so that SMS received or sent by this phone are forwarded to the correct web account.
  - a daemon (named std) which is actually in charge of spying on the SMS messages.
Description Last Updated Date: Jul 27, 2009
Reference: ID - 906713