Home > Threat descriptions >

Trojan:SymbOS/Monlater

Classification

Category: Malware

Type: Trojan

Platform: SymbOS

Aliases: Trojan:SymbOS/Monlater.A

Summary


Monlater is a trojan that detects AppServer.exe processes and uninstalls a package with certain UID from an infected device.

Removal


Automatic action

F-Secure SAFE automatically blocks installation of this program.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details


Monlater.A contains a function that allows it to detect AppServer.exe processes and uninstall a package with UID 0x20042EB8 from an infected device. Similar functionality is also found in a later variant, Monlater.B, but uses a different file name and UID.

Upon further inspection, samples in the Monlater family show a lot of similarities with those from another family - Monsoon, which was discovered in early 2011. It is highly likely that Monsoon and Monlater connect to the same command and control (C&C) server. The same update channel may also have been used to push new versions of malware and hide the original ones to avoid detection.