Trojan:SymbOS/Blankfont.A

Classification

Category: Malware

Type: Trojan

Platform: SymbOS

Aliases: Blankfont.A

Summary

Blankfont.A is a SIS file trojan that installs a corrupted font file.

Removal

  • Uninstall the SIS file with which Trojan:SymbOS/Blankfont was installed
  • To make sure that uninstallation was successful, scan your phone with an antivirus program before rebooting the phone

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Trojan:SymbOS/Blankfont.A copies corrupted font files into the phone's memory and thus prevents the phone from loading the valid font files from ROM.

The corrupted font file installed to the phone does not cause the device to crash, but if the device is rebooted it loses the system font and is unable to display user interface text.

After the reboot, any application that the user attempts to use otherwise works normally, but does not show any text. This makes most applications unusable until the phone is disinfected.

If a phone is infected with Blankfont.A, it must not be rebooted, as the trojan will corrupt the system font and make disinfection quite difficult. If the phone is rebooted, it can still be disinfected, but doing so is rather difficult as there is no text on the screen.

Spreading Vector

  • Rally_2.sis

Infection

When the Blankfont.A SIS file is installed, the installer copies its file to the following location:

  • \system\apps\fonts\Panic.gdr

Panic.gdr is a corrupted font file that replaces the original phone font and breaks the phone's ability to show text.
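
The check below is an added example, not part of the original description: it takes a list of install targets (from a SIS package listing or a device file listing) and flags any that land in the font directory named above on a writable drive. The `Z:` ROM drive letter, the `!:` user-selected drive prefix and all sample paths except `Panic.gdr` are assumptions made for the example.

```python
import ntpath

# Font directory named in this description (compared case-insensitively).
FONT_DIR = "\\system\\apps\\fonts\\"
# Assumption: ROM is mounted as Z:, so files there are the stock fonts.
ROM_DRIVE = "z:"


def font_overrides(targets):
    """Return the targets that place a file under the font directory
    on a non-ROM drive, where it can take the place of a ROM font."""
    hits = []
    for raw in targets:
        # normpath unifies separators and collapses "..\" segments,
        # so a path that detours through another folder is still caught.
        norm = ntpath.normpath(raw.strip())
        # splitdrive treats any "<char>:" prefix as a drive, including
        # "!:" (assumed: drive chosen by the user at install time).
        drive, rest = ntpath.splitdrive(norm)
        if drive.lower() == ROM_DRIVE:
            continue
        if rest.lower().startswith(FONT_DIR):
            hits.append(raw)
    return hits


# Constructed sample listing; only the first path comes from this page.
SAMPLE_TARGETS = [
    "\\system\\apps\\fonts\\Panic.gdr",
    "!:/System/Apps/Game/../Fonts/Other.GDR",
    "C:\\system\\apps\\game\\game.app",
    "Z:\\system\\apps\\fonts\\rom.gdr",
]

if __name__ == "__main__":
    for path in font_overrides(SAMPLE_TARGETS):
        print("font directory write outside ROM:", path)
```

A hit is a reason to inspect the package before installing it, or to remove the file before the phone is rebooted.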