Threat Description

Trojan:​SymbOS/Monlater

Details

Aliases: Trojan:​SymbOS/Monlater.A
Category: Malware
Type: Trojan
Platform: SymbOS

Summary



Monlater is a trojan that detects AppServer.exe processes and uninstalls a package with certain UID from an infected device.



Removal



F-Secure's Mobile Security product blocks installation of this program with default settings.



Technical Details



Monlater.A contains a function that allows it to detect AppServer.exe processes and uninstall a package with UID 0x20042EB8 from an infected device. Similar functionality is also found in a later variant, Monlater.B, but uses a different file name and UID.

Upon further inspection, samples in the Monlater family show a lot of similarities with those from another family - Monsoon, which was discovered in early 2011. It is highly likely that Monsoon and Monlater connect to the same command and control (C&C) server. The same update channel may also have been used to push new versions of malware and hide the original ones to avoid detection.






SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Keep your mobile device protected

F-Secure Mobile Security will keep your mobile device protected on the go and enable you to find it in case you lose it

Learn More