Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Trojan:SymbOS/Monlater


Aliases:


Trojan:SymbOS/Monlater.A

Malware
Trojan
SymbOS

Summary

Monlater is a trojan that detects AppServer.exe processes and uninstalls a package with certain UID from an infected device.



Disinfection & Removal

F-Secure's Mobile Security product blocks installation of this program with default settings.



Technical Details

Monlater.A contains a function that allows it to detect AppServer.exe processes and uninstall a package with UID 0x20042EB8 from an infected device. Similar functionality is also found in a later variant, Monlater.B, but uses a different file name and UID.

Upon further inspection, samples in the Monlater family show a lot of similarities with those from another family - Monsoon, which was discovered in early 2011. It is highly likely that Monsoon and Monlater connect to the same command and control (C&C) server. The same update channel may also have been used to push new versions of malware and hide the original ones to avoid detection.







Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.

Keep your mobile device protected




F-Secure Mobile Security will keep your mobile device protected on the go and enable you to find it in case you lose it