Windows CE Trojan out in the wild, say researchers
US-CERT is warning of a Trojan that puts the users of Microsoft's mobile operating system at risk for data disclosure.
Known as the WinCE/InfoJack Trojan, it will hijack the device serial number, disable the operating system's security functions, then install programs and upload user data to the attacker's Web site.
The virus was first discovered in China. It is packed within legitimate installation files, and comes with a group of applications including Google maps, stock trading applications and games, according to McAfee.
"WinCE/InfoJack was created by a specific website. The website may have hired someone to create the trojan and distribute it to other sites," researcher Jimmy Shah said. "The maintainer of the website claims that the software was just necessary to collect information on the types of mobiles used to access their site."
The Trojan can install itself as an autorun program on the memory card, which in turn can spread simply by installing the infected card on another device. It also replaces the browser's homepage, and allows unsigned applications to be installed without warning.
Attempts at deleting it will only bring the Trojan back, as it copies itself back to disk.
Researchers say the application also had a feature where it would have been auto-updateable allowing additional malware to be installed. However, this website has apparently been taken down, as McAfee said local law enforcement has launched an investigation into the Trojan.