
Trojan-SMS.J2ME.Small.ac

Detected Feb 27 2011 09:31 GMT
Released Feb 27 2011 14:27 GMT
Published May 18 2011 13:39 GMT


Technical Details

This Trojan infects mobile phones that run Java (J2ME). The MIDlet sends SMS messages to premium rate numbers without the user's authorization. It is a Java class contained in a JAR archive. It is 4856 bytes in size. The size of the JAR archive is 12 792 bytes.


Payload

This MIDlet's malicious functionality is implemented in the "b" class file, which contains a script to send SMS messages to certain premium rate numbers. The destination numbers and the message texts are stored in encrypted form in the file:

\info.dat

The MIDlet is installed on the phone under the name:

POSTCARD

After launching, the Trojan displays the question:

If the user clicks "NO", the Trojan will stop running. Otherwise, an SMS message will be sent. If the message is successfully sent, this image is displayed:

If unsuccessful, it displays the following message:

During the analysis of the sample, SMS messages were sent to the number:

7***97 


Removal instructions

If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:

  1. Delete the original Trojan file.
  2. If this program was installed on a regular phone, users can use standard tools to remove it.
  3. If the program was installed on a smartphone, then, besides standard removal tools, users can use Kaspersky Mobile Security with updated antivirus databases (download a trial version) to remove the malicious file.

MD5: B7752B9487A30CA8BFCA6179BA4C5EDB

SHA1: FE5B3157F52317603056A7AEA36455EE08D1250E
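
The following static triage check is an added example, not Kaspersky Lab's code or part of the original description. It inspects a JAR without executing it for the traits listed above: the SHA1, an info.dat member, the name POSTCARD, and a class that references the J2ME SMS API. Assumptions: the name POSTCARD is carried in the manifest's MIDlet-Name attribute, the class sends SMS through the standard javax.wireless.messaging package, and triage_jar and build_sample are hypothetical helper names.

```python
import hashlib
import io
import zipfile

# Indicators quoted on this page.
PAGE_SHA1 = "fe5b3157f52317603056a7aea36455ee08d1250e"
PAGE_MIDLET_NAME = "POSTCARD"
PAGE_DATA_FILE = "info.dat"
# Assumption: SMS goes through the standard J2ME Wireless Messaging API,
# so its package name appears as a string in the class constant pool.
WMA_MARKER = b"javax/wireless/messaging"
MAX_MEMBER = 1 << 20  # skip oversized members (zip-bomb guard)


def triage_jar(jar_bytes):
    """Statically inspect one JAR (bytes); nothing is executed."""
    f = {"sha1_match": [], "midlet_name": None, "data_file": False, "wma_classes": []}
    if hashlib.sha1(jar_bytes).hexdigest() == PAGE_SHA1:
        f["sha1_match"].append("<jar>")
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if info.file_size > MAX_MEMBER:
                continue
            data = jar.read(info)
            base = info.filename.rsplit("/", 1)[-1]
            # The page does not say whether its hashes cover the JAR or the class.
            if hashlib.sha1(data).hexdigest() == PAGE_SHA1:
                f["sha1_match"].append(info.filename)
            if base.lower() == PAGE_DATA_FILE:
                f["data_file"] = True
            if info.filename.upper() == "META-INF/MANIFEST.MF":
                for line in data.decode("utf-8", "replace").splitlines():
                    key, _, value = line.partition(":")
                    if key.strip().lower() == "midlet-name":
                        f["midlet_name"] = value.strip()
            if base.endswith(".class") and data[:4] == b"\xca\xfe\xba\xbe" and WMA_MARKER in data:
                f["wma_classes"].append(info.filename)
    f["suspicious"] = bool(f["sha1_match"]) or (
        bool(f["wma_classes"]) and f["data_file"] and f["midlet_name"] == PAGE_MIDLET_NAME)
    return f


def build_sample(name, with_wma):
    """Constructed, inert JAR: class magic plus marker bytes, not real bytecode."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", f"MIDlet-Name: {name}\r\n")
        jar.writestr("b.class", b"\xca\xfe\xba\xbe" + (WMA_MARKER if with_wma else b"java/lang/Object"))
        jar.writestr("info.dat", b"constructed placeholder")
    return buf.getvalue()
```

A hash match alone marks the file as suspicious; without one, all three structural traits must be present together, since many legitimate MIDlets use the messaging API.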


Trojan-SMS

Programs of this type are used to send text messages from infected mobile devices to premium rate numbers that are hard-coded into the Trojan’s body.


Aliases

Trojan-SMS.J2ME.Small.ac (Kaspersky Lab) is also known as:

  • Troj/JavaDL-BM (Sophos)
  • Trojan:Java/SMSer.M (MS(OneCare))
  • Java.SMSSend.367 (DrWeb)
  • J2ME/TrojanSMS.Agent.Q trojan (Nod32)
  • Java.Trojan.SMSSend.D (BitDef7)
  • Trojan-SMS (Ikarus)
  • Java.Trojan.SMSSend (Ikarus)
  • Trojan.Gen.2 (NAV)
  • NseCheckFile2() returned 0x00010018 (Norman)
  • Riskware:Java/SmsSend.Gen!A [FSE] (FSecure)
  • JAVA_DLOADR.QS (TrendMicro)