Threat Descriptons



Category :


Type :


Platform :


Aliases :



Trojan:SymbOS/Cardtrap.M is a trojan distributed in a malicious SIS file that disables several Symbian built in applications, tries to damage several anti-virus applications, and installs several Windows viruses worms and trojans to memory card.


A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

The Windows malware installed to memory card is installed with icons, batch files and short cut links, that try to fool user to execute a malicous file when he is trying to investigate the card contents.

The files that Cardtrap.M drops to the memory card contains several references to F-Secure and some files use F-Secure icons. F-Secure has nothing to do with the creation of Cardtrap or any other malware; the actual creator is trying to use the reputation of F-Secure as a way of fooling users into trusting the file on the memory card.


Cardtrap.M installs several damaged files to phone memory to disable key System applications and anti-virus products.

Cardtrap.M disables following system applications:

  • Application manager
  • Browser
  • File manager
  • Media gallery
  • MMS and SMS messaging inbox

F-Secure Mobile Anti-Virus is capable of detecting Cardtrap.M with generic detection, so if phone has functional Anti-Virus installed the Cardtrap.M is blocked before it can be installed.

Installation to MMC card

Cardtrap.M installs several Windows viruses, worms and trojans to the phone MMC card. The Windows malwares, are installed with filenames,icons and shortcut links, that try to fool user into clicking them.

Cardtrap.M installs following Windows malwares to MMC card:

  • Virus.Win32.Kangen.a
  • Email-Worm.Win32.Brontok.c
  • VBS/Starer.A
  • VBS/Soraci.A

Picture of MMC card contents when viewed with Windows Explorer:

The files that Cardtrap.M drops to the memory card, contains several references to F-Secure and some files are with F-Secure icons. But F-Secure has nothing to do with creation of Cardtrap or any other malware.

The MMC card also contains modified version of Opera start page HTML files that try to fool the user to install additional Symbian malware SIS files that are installed to the card.

If user has Opera installed in MMC card, he will see the modified version of Opera default content.

Cardtrap.M installs following Symbian malware SIS files

  • SymbOS/Doomboot.K
  • SymbOS/Cabir.AB
  • Symbian dropper for Win32/Istbar.IS
More Support


Ask questions in our Community .

User Guides

Check the user guide for instructions.

Contact Support

Chat with or call an expert.

Submit a Sample

Submit a file or URL for analysis.