Home > Threat descriptions >



Category: Malware

Type: Trojan

Platform: SymbOS


Cardtrap.AG is a Symbian SIS file trojan that disables several of Symbian's built-in applications, tries to damage some third party applications, and installs Windows malware to the memory card.


Disinfection with two Series 60 phones

Use F-Skulls to allow for installation of F-Secure Mobile Anti-Virus. Install F-Secure Mobile Anti-Virus.

Download F-Skulls tool from ftp://ftp.f-secure.com/anti-virus/tools/f-skulls.zip or directly to a clean phone from https://www.f-secure.com/tools/f-skulls.sis

  • Install F-Skulls.sis onto the infected phone's memory card with a clean phone
  • Put the memory card with the F-Skulls tool into the infected phone
  • Start up the infected phone and the application installer should now work
  • Go to the application manager and uninstall the SIS file in which you installed the malware
  • Download F-Secure Mobile Anti-Virus from https://phoneav.com and activate the Anti-Virus
  • Scan the phone and remove any remaining components of the malware
  • Remove the F-Skulls tool with the application manager as the phone should now be clean
Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

Installation to the phone

Cardtrap.AG tries to disable key system applications and third party products by installing several damaged files to the phone memory.

Cardtrap.AG installs files from the following Symbian malware:

  • SymbOS/Singlejump.A

F-Secure Mobile Anti-Virus is capable of detecting Cardtrap.AG with generic detection, so if the phone has functional Anti-Virus installed Cardtrap.AG is blocked before it can be installed.

Installation to the MMC card

Cardtrap.AG installs following Windows malware:

  • Trojan.BAT.Disabler.c

to the phone's MMC card. The malware is installed with a filename, icon, and shortcut link that tries to fool the user into clicking on them.

Description Created: 2006-05-16 14:46:33.0

Description Last Modified: 2006-05-16 14:51:43.0