Trojan:SymbOS/Singlejump is a family of trojans that infect devices running the Symbian operating system. On execution, variants in the family replace built-in and third party applications on the device with components that rest the phone if launched.
Disinfection with two Series 60 phones
- 1. Install F-Skulls.sis into infected phones memory card with a clean phone
- 2. Put the memory card with F-Skulls into infected phone
- 3. Start up the infected phone. The application menu should work now
- 4. Press menu button until you get Symbian process menu, look for any applications with strange icons. Kill the application processes with 'C' button.
- 5. Go to application manager and uninstall the SIS file in which you installed the Singlejump variant
- 6. Download F-Secure Mobile Security and activate it
- 7. Scan the phone and remove any remaining components of Singlejump
- 8. Remove the F-Skulls with application manager as the phone is now cleaned
Singlejump variants also use variants from the Bluetooth-Worm:SymbOS/Cabir family to distribute other trojans to new victime devices. The Cabir worm is started automatically when the malware is first installed; if the device is rebooted, the Cabir worm will simply start again.
Instead of sending a copy of itself, the Cabir variant loads the SIS file installed by Singlejump and sends it to the first phone it finds within Bluetooth range.
In most cases, these trojans doesn't send themselves further than a single new victim, so its quite obvious how this malware got its name.