Select local site

| Japanese | Simplified Chinese | Traditional Chinese (Hong Kong) | Traditional Chinese (Taiwan)

F-Secure Malware Information Pages: Flexispy.A
[Summary] | [Disinfection] | [Detailed Description] | [Detection]

Name : Flexispy.A
Alias:Trojan-Spy:SymbOS/Flexispy.A
Type:Trojan-Spy
Category:Malware
Platform:SymbOS
Radar

Summary
FlexiSPY is a spyphone application.

There are newer versions of FlexiSPY than the variant described here. Current versions exhibit different behavior and are not classified as malware.
Back to the Top

Disinfection

Removal using F-Secure Mobile Anti-Virus

If you feel you want to remove Flexispy from your device, you can do that by doing the following:
  1. Download F-Secure Mobile Anti-Virus from http://phoneav.com and activate the Anti-Virus
  2. Scan the phone and remove any components of the malware
  3. Reboot the phone to remove memory resident components
  4. Go to application manager and remove the "phones" application to remove any remaining components
Back to the Top

Detailed Description
Installation
Flexispy.A is installed in a standard SIS package and when installed the application uses the name "phones". It does not give any indication as to what is being installed.

After installation the application will immediately go into hiding and locks its files so that the application uninstaller cannot remove it.


User Interface
The user interface of Flexispy.A is only accessible by entering a special code in the phone number field.



In the user interface, the attacker can control when the spying application reports and what information is recorded.






Recording the Victim's Communication
Flexispy.A records both voice call and SMS information and sends the details to the FlexiSpy server. From there the information can be accessed through a web browser.




Recording Voice Calls
Flexispy.A records the following details from the victim's voice calls:

  • IMEI
  • Client time
  • Server time
  • Direction
  • Duration
  • Phone number
  • Contact name in the victim's phonebook




Recording SMS
Flexispy.A records the following details from the victim's SMS message traffic:

  • IMEI
  • Client time
  • Server time
  • Direction
  • Duration
  • Phone number
  • Contact name in the victim's phonebook
  • Contents of SMS messages
Back to the Top

Detection

F-Secure Anti-Virus detects this malware with the following updates:

[FSAV_Database_Version]

Version = 2006-03-29_02.

F-Secure Mobile Anti-Virus for Symbian detects this malware starting from the update build number 81.
Back to the Top



F-Secure Corporation

Last Modified: March 29, 2006