Commercial Trojan spies on mobile phones

Commercial Trojan spies on mobile phones


FlexiSpy program is 'illegal in most countries'

An antivirus company has warned of a new program designed to catch cheating spouses and partners who use Symbian mobile phones.

The Flexispy.A Trojan records information about the victim's phone calls and SMS messages, then sends the data to a remote server, according to security company F-Secure.

"What makes this interesting is that Flexispy.A is a Trojan written by a company for commercial reasons. The company even claims that Flexispy is not a Trojan," said a posting on F-Secure's website.

F-Secure said the company which produces the software claims that it's a useful tool for catching a cheating spouse.

"However, this application installs itself without any kind of indication as to what it is, and completely hides itself from the user," the web posting said.

F-Secure is concerned that the application could be abused by malware that installs it as part of a payload, or by a hacker sending it to open phones over Bluetooth and trusting that there are enough curious people to install it.

The antivirus company also warned that use of the program may break the law depending on where you are in the world.

"Spying on people's private communication is illegal in most countries around the world," the posting said.

The website where the FlexiSpy software is sold clarifies that its use may be illegal, but claims that the burden lies with the user.

"Using surveillance devices, intercepting and/or recording phone conversations, without the consent of all the parties involved might be illegal in your country. Check local laws before or purchasing and/or using any of our products," said FlexiSpy.com.

"It is the responsibility of the user of FlexiSpy to ascertain, and obey, all applicable laws in their country in regard to the use of FlexiSpy for 'sneaky purposes'."

The site maintains that by downloading and installing FlexiSpy, the user agrees that the software will not be used in an unlawful manner.

Flexispy.A is installed in a standard SIS package and when installed the application uses the name 'phones'. It does not give any indication as to what is being installed.

After installation the software goes into hiding and locks its files so that the application uninstaller cannot remove it.

A hidden user interface can be accessed using a special code known to the person who installed it on the phone.