Merogo SMS Symbian worm spreading in wild-Be Safe

F-Secure alerted Symbian users that there is new kind of Trojan:SymbOS/MerogoSMS are spreading in parts of China. The main attacking platform of these worms as Symbian 3rd editon aka S60V3.These worms spread by sending text messages to other phones. The text messages contain variable messages (in Chinese), and a link to a website. If the link is followed, the user is prompted to install an application — infecting the phone and restarting the SMS spreading. And also these worms seem to have the capability of sending messages to expensive premium-rate numbers.

As unsigned software can not be  installed on Symbian Series 60 3rd Edition devices by default, the SISX installation packages of this worm have passed the Symbian Signed process. They sign the worm using  Express Signing mechanism. The signed installation files contain further, unsigned SISX files which the host installer will deploy. Such mechanism makes it hard for certification systems to get a full view of what the program actually does.

Symbian Foundation has already revoked the publisher ID that was used for these packages.

We have no reports of this malware from outside China.


Be Safe Symbian users..



  • scurvey Yousef

    ouch! Watch out!
    nice look of the blog btw. Great stuff and great job bro :-up

    • Siraj

      yo Thanks be safe from the worm 😀