UMU Mobile Security Banner
J2ME/GameSat.A
Green Tick UMU Scan protects against this virus.
Threat Level:
Low
Type:
Trojan
SDB Version:
205
SDB Release Date:
25/03/2009
Description Date:
08/04/2009

What does this virus do?

Arriving as an installer for an application offering mobile chat and dating, once installed on your phone, it sends SMS messages to a pre-determined number charging you at premium rates.

J2ME/GameSat.A arrives as a JAR installation package for an application named “Game Gratis TM (indosat)” that poses as an application for mobile chat and mobile dating. It targets phones that use SIM cards from Indonesian service provider Indosat.

It affects all devices that support J2ME or Java Midlet execution. The JAR installer has an error that prevents it from installing in Windows Mobile, but it successfully installs and runs in Symbian 2nd and 3rd Edition devices.
 
Screenshot of J2ME/GameSat.A installation disguised as GameGratis TM (indosat).
 

 Upon installation, it displays the following message:

 
Screenshot of details of GameGratis TM (indosat)
 
It then appears in the phone’s Menu as follows:
 
Screenshot of J2ME/GameSat.A disguised as GameGratis (indosat) as it appears in the menu of an infected phone.
 

 It drops the following components:

 
a.class
b.class
c.class
d.class
e.class
f.class
g.class
RegMidlet.class
 

e.class and RegMidlet.class are the main components where e.class handles the SMS sending functionalities.

Once installed in the system, it displays this splash screen:

Screenshot of splash screen

It then prompts the following message that will allow it to send an SMS to 151, where 151 is an account set up by the malware writers.

Screenshot of pop up message to prompt sending of SMS

It will also display the following message when the user chooses any of the applications. The compromised user may be charged at premium rates for these messages.

 

Screenshot of message sent as SMS

 

Manual Disinfection
 
  1. Go to the device’s Application Manager and remove/uninstall applications named “Game Gratis TM (indosat)”.
  2. Scan your mobile device using UMU Scan and delete all files detected as J2ME/GameSat.A.

 
Virus Definitions

List of virus definitions
Report a new virus/spyware