Threat Description

Spyware:​SymbOS/Flexispy.F

Details

Aliases: RBackupPro, Flexispy.F
Category: Spyware
Type: Monitor
Platform: SymbOS

Summary



Flexispy.F is a commercial spying application written for Symbian S60 3rd Edition.

It records the details of voice call information, SMS information and contents, physical location, and sends the details to a remote server.



Removal



Removal using Symbian application manager

If you feel you want to remove Flexispy from your device, you can do that by doing the following:

  • Open the Application Manager (App. Mgr) from the Tools folder.
  • Find the application named RBackupPro.
  • Click options and select "Remove".
  • The application will uninstall.
  • Reboot the phone.

Verify successful uninstallation with F-Secure Mobile Anti-Virus

  • Download F-Secure Mobile Anti-Virus and activate the Anti-Virus.
  • Scan the phone and remove any components of the malware that remain.


Technical Details



When Flexispy.F is installed on the phone it will hide from Symbian's built in process menu and it does not have any visible user interface or icon. Flexispy.F has a hidden user interface that can only be accessed using a special code known to the person who has purchased the spying application and has installed it on the phone.

When Flexispy.F is active on the device, it will record details of all voice call and SMS information and GSM location information, and then later send those details to the Flexispy server.

Flexispy.F is signed with a Symbian certificate so it can be installed even if device accepts only valid installation packages. And it's certificate has the necessary capabilities so that it can operate without Symbian OS alerting user.

Installation

Flexispy.F is installed from a standard SIS package. During installation Flexispy.F shows the dialog seen above. After installation the application will immediately go into hiding and does not show any indication to the phone user of its activity. Being very similar to Flexispy.A, Flexispy.F does not have an application icon in the phone user interface.

Flexispy.F is signed with an official Symbian signed certificate, that has been given to its developer Vervata. The certificate is given to software named RBackupPRO, which is the name that is visible in the certificate and in the uninstallation information.

F-Secure Mobile Anti-Virus for Symbian detects this spyware starting from the update build number 123.






SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Keep your mobile device protected

F-Secure Mobile Security will keep your mobile device protected on the go and enable you to find it in case you lose it

Learn More