For mobile phone fanatics, Woron Scan is a tool used to extract certain cellular information from the SIM card. We recently discovered a new Trojan (Spy-Wokiscan) that repackages the Woron Scan utility but also installs additional Trojans that are used to steal the victim’s cellular account information along with more data from the local computer. This Trojan is quite interesting as it takes a utility and repackages it to include Trojans. Once the Trojan installs itself, it starts the Woron scan utility. Then it takes the Woron Scan results and sends it to a remote Russian site.

Putting aside the fact that it is just about illegal in every country to use a cloned SIM, there are also dangers with using the software for creating these cloned SIM cards. This means that phone modders need to be aware of the source of the program they are using. Running this Trojan-repackaged Woron Scan will cause the SIM card’s private information to be sent to a remote hacker. Then once a cloned SIM is created, that person can use the cloned mobile phone to make calls as they please–while leaving their victims to prove those calls didn’t belong to them. In these days of cybercrime and terrorism, modders should really consider the risks involved in modding their phones.

Just a note for those who decide to use a cloned SIM card: Most cellular providers have the ability to track and log certain anomalies caused by the cloned SIM. That means the chances are pretty good that the cloned SIM will be blocked or the user of the cloned SIM will be getting a call from the local authorities.

For further information regarding the Spy-Wokiscan, please visit our VIL description located at http://vil.nai.com/vil/content/v_142989.htm.