Barely had the dust settled over the Windows Phone 8 OS launch – the OS sees its own malware being developed! A teenager and a researcher – part of the Indian National Security Database program – Shantanu Gawade claims to have developed information-stealing malware that works on Windows Phone 8. The Indian National Security Database program is supported by the Govt of India.
The prototype of the malware developed will demonstrate the approaches and techniques used for infecting the Windows Phone and how it can steal contacts, upload pictures, access text messages and do more. The malware has been built for educational purposes only and to raise awareness about how malware authors can target Windows Phone 8 OS and put the malware to nefarious uses.
The 16-year old ethical hacker declined to disclose any technical details about malware but assured that he will present the malware code at the upcoming International Malware Convention (MalCon) in New Delhi, India, on November 24.
The malware uses legitimate WP8 functionality without resorting to other methods such as ‘homebrew apps’ and interop capabilities, Gawde said. “The idea behind the app was to code it in such a way that it would be accepted into the marketplace, whilst having hidden functionality. He further added, The app will be shared with antivirus vendors and Microsoft after the conference so as to enable mitigation of such threats.
In response to this, Microsoft’s Trustworthy Computing Director Dave Fornstrum said that the company would “investigate any issues disclose” in the MalCon talk and “take appropriate action to help Microsoft protect Windows Phone 8 users”.
The fact that whether the malware will affect Windows Phone 8 handsets by targeting a specific weak spot in the OS or by fooling users into installing something inappropriate remains unclear.