Threat Descriptions

Monitoring-Tool:SymbOS/Spyphone

Classification

Category :

Riskware

Type :

Monitoring-Tool

Platform :

SymbOS

Aliases :

-

Summary

A program that monitors and records all actions on a computer, including keystrokes entered.

Removal

F-Secure Mobile Anti-Virus detects this program with default settings.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Monitoring-Tool:SymbOS/Spyphone.A is the installer package for a program that runs on Symbian OS 9.x. Once installed, the program monitors the user's actions on the device. The information tracked may be forwarded to an external party. The program uses stealth techniques to hide its presence on the phone from detection by the user.

Depending on intent and legal jurisdiction, the use of this program may run contrary to applicable privacy laws. If the user is aware of the program's actions, they may elect to install and use the program.

Activity

The program has two complementary capabilities: Spy Phone and Interceptor. Spy Phone allows the user to call a targeted phone which has this software installed. The call results in the phone answering in 'Ghost Mode' - that is, the phone answers with zero ring, without lights, call notifications and log creation. No visual or physical changes can be noticed on the target phone.

Interceptor includes Spy Phone's capabilities, but also enables the user calling in to 'eavesdrop' on incoming or outgoing calls. In case there are no conversations taking place, the target phone allows the user to listen in to the surroundings.

Both Spy Phone and Interceptor also send an SMS to a pre-defined number as soon as an incoming or outgoing call is connected.

The program allows the user to manage it remotely. A personal secret code allows the user to manage the software from any phone. Remotely configuring the phone requires the user to send a special SMS directing the program to perform the following functions:

  • Activate the program
  • Deactivate the program
  • Change the Secret code to manage the program
  • Change the Pre-Defined Number
  • Query for the Status of the software on the phone

Stealth

The program has the following stealth features:

  • No lights or visual changes can be seen on the device when a Room Monitor or Interception is performed.
  • No Log creation for Incoming Room Monitor Call, Interception Call, Configuration SMS or Intercepted SMS.
  • No Installation Logs for the software.
  • Software cannot be traced inside the phone.
  • Software silently starts up on phone boot or restart (if it is active).
  • On arrival to the target phone, a remote Configuration SMS cannot be viewed in the Inbox; also, no on-screen visual changes are shown.