Skulls Trojan puts on antivirus mask
New variant of the cell phone pest attempts to fool victims by disguising itself as pirated security software.
The Skulls Trojan horse, which affects Symbian-based cell phones, first surfaced in November. This latest Skulls.L variant is similar to Skulls.C, the only difference being that it's disguised as a pirated copy of F-Secure Mobile Anti-Virus, the Finnish antivirus maker said in an alert posted Thursday.
Like earlier versions, the new Trojan attempts to disable system applications and replace their icons with images of skulls. It also drops two versions of the Cabir worm on the device. The worms aren't activated until the user clicks on their icons, F-Secure said.
The legitimate version of F-Secure Mobile Anti-Virus is signed by Symbian, while the Trojan displays a warning during installation that states: "Unable to verify supplier. Continue anyway?" People who want the security software should download it from the F-Secure Web site, the company advised.
The Symbian operating system is used by a number of cell phone manufacturers, including Nokia, the world's biggest handset maker.
In recent months, other malicious software that targets mobile phones has been reported. These attacks include the Commwarrior virus and the Fontal Trojan.
People whose handsets are infected with Skulls.L can download a tool from F-Secure's Web site to remove it. However, the company said it has received only a single sample of the Trojan, suggesting that--like other variants of Skulls--it is not widespread. F-Secure said its current mobile antivirus product detects the variant.