Spyware:SymbOS/Flexispy.F

Classification

Category :

Spyware

Type :

Monitor

Platform :

SymbOS

Aliases :

RBackupPro, Flexispy.F

Summary

Flexispy.F is a commercial spying application written for Symbian S60 3rd Edition.

It records the details of voice call information, SMS information and contents, physical location, and sends the details to a remote server.

Removal

Removal using Symbian application manager

If you feel you want to remove Flexispy from your device, you can do that by doing the following:

  • Open the Application Manager (App. Mgr) from the Tools folder.
  • Find the application named RBackupPro.
  • Click options and select "Remove".
  • The application will uninstall.
  • Reboot the phone.

Verify successful uninstallation with F-Secure Mobile Anti-Virus

  • Download F-Secure Mobile Anti-Virus and activate the Anti-Virus.
  • Scan the phone and remove any components of the malware that remain.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

When Flexispy.F is installed on the phone it will hide from Symbian's built in process menu and it does not have any visible user interface or icon. Flexispy.F has a hidden user interface that can only be accessed using a special code known to the person who has purchased the spying application and has installed it on the phone.

When Flexispy.F is active on the device, it will record details of all voice call and SMS information and GSM location information, and then later send those details to the Flexispy server.

Flexispy.F is signed with a Symbian certificate so it can be installed even if device accepts only valid installation packages. And it's certificate has the necessary capabilities so that it can operate without Symbian OS alerting user.

Installation

Flexispy.F is installed from a standard SIS package. During installation Flexispy.F shows the dialog seen above. After installation the application will immediately go into hiding and does not show any indication to the phone user of its activity. Being very similar to Flexispy.A, Flexispy.F does not have an application icon in the phone user interface.

Flexispy.F is signed with an official Symbian signed certificate, that has been given to its developer Vervata. The certificate is given to software named RBackupPRO, which is the name that is visible in the certificate and in the uninstallation information.

F-Secure Mobile Anti-Virus for Symbian detects this spyware starting from the update build number 123.