The first malware to exploit Symbian S60 3rd Edition has been identified in the wild by security firm F-Secure. The company said that the code was a Trojan that could be used for spam among other purposes.
Trojan SymbOS/Yxe.A is still undergoing analysis, but it appears to use encryption and may be designed for spam SMS messages, as well as enabling downloads, saidPatrik Runald, F-Secure's chief security officer. "This is the first malware for the Symbian S60 3rd Edition phones" he said. "It's definitely in the wild, and probably originated in China, where it's infecting phones."
SymbOS/Yxe.A attempts to use social-engineering ploys, like portraying itself as a game application or using sex images as a lure. Runald pointed out that victims are being fooled into installing it manually.
Runald said the Symbian S60 3rd Edition platform required application developers to use a registered signing key for applications to be able to run, so the appearance of SymbOS/Yxe.A raises the question of whether someone stole a Symbian-issued certificate to create malware that would run on the platform. "For the application to run, it has to be signed," Runald said.