Mobispy/A Multidropper - would that be Flexispy?
I read on McAfee’s Mobile Security Blog about a new so called ‘multidropper’ spyware package which appears to be the first of it’s kind. A multidropper is essentially a wrapper in which other packages are placed. It uses the embedded SIS command from the Symbian Packaging Standard which when executed tells the wrapper to install embdedded package a, b, c and so on.
From reading between the lines (for legal reasons I believe), creator of this malicious package has signed up an account with Flexispy and embedded their package within a .SIS file.
However, as our friends at McAfee rightly point out, Flexispy accounts are by default tied to one IMEI unless the account holder purchases a multi user license
Can I install on several phones at simultaneously?
Yes. If you have a multi user licence, you can install FlexiSPY on multiple devices, and have all the call activity recorded into your account. Please contact support for details. As a convenience for our Customers, we allow two separate devices to report to one account for the first 30 days following purchase. After this period, accounts using multiple phones to one account must purchase a multi user licence, or their service is temporarly suspended
So when McAfee state that it is unlikely that the author of the spyware is the original account holder, I assume this implies that s/he also has access to a multi user account? Judging by the above FAQ statement I would say multi user accounts have a higher cost associated with them, that they are not high in number and are approved on a case-by-case basis. This means the attack vector has one huge flaw and can be cut dead at any time. Together with McAfee, I am also of the opinion that the current incarnation of Mobispy/A will not be going very far anytime soon.
No Tags| Powered by Gregarious (41) |
|