Java/GameSat.A!tr

Alias/esJ2ME/GameSat.A, Trojan-SMS.J2ME.GameSat.a
Release DateJan 13, 2010
Detection Availability
Active DatabaseExtended Database
FortiGatelowhigh
FortiClient
FortiMailN/A
Current Antivirus Definition Database Version: 11.586
Description

Visible Symptoms

  • sends SMS messages to short number 151

Detailed Analysis

This malware is a Java ME midlet which affects all mobile phones supporting Java (thus basically all phones are affected). It is packaged under names such as "OPMOD GRATIS INDOSAT" or "GAME GRATIS INDOSAT". Once installed on the phone, it attempts to send SMS messages to the short number 151. If the victim is an Indonesian subscriber to Indosat Multimedia 3 (IM3), this will result in transferring credits (a given amount of Indonenisan roupees) to a given IM3 account. If the victim does not use IM3, depending on the subscription, he/she is charged for the sent SMS.


Technical Details


Java/GameSat.A!tr is classified as a Trojan. It may be downloaded from questionable websites, sometimes advertised as a hack to Opera Mini.

The trojan displays a page with several clickable icons, each icon redirecting the victim to an online non-free service, such as divination or dating.
Each time the victim clicks on an icon, the application attempts to send an SMS to a given configurable phone number with a given configurable text. In the packages we analyzed, the SMS message consists in an automated fund transfer between Indosat pre-paid card users.
The SMS messages are only sent with the victim's consent: the victim can cancel the sending of SMS.
The trojan installs the following files:
  • RegMidlet.class: handles registration
  • a.class: handles the display of fonts and images
  • b.class: calls RegMidlet
  • c.class: handles storage in a RecordStore
  • d.class: asks for the name and birthdate of the victim
  • e.class: sends SMS
  • f.class: handles the global look and feel of the malware
  • g.class: handles selection of icons
Figure 1. The malware's main screen - trying to send an SMS Figure 2. Additional information to send by SMS for the chat and date service. The message basically translates to "To Express Yourself and easily find friends"

Description Last Updated Date: Jan 20, 2010
Reference: ID - 1458005