A new variant of Pbstealer has been created. Unlike Pbstealer.A, this second version also steals Notes in the phone. The working of this variant is same as the original except stealing Notes.

Information about this variant is not yet published on any Anti-Virus website.

Working:

2. As soon as the installation completes, it executes itself and the following screen appears. And in the backgorund, it copies all the Contacts and Notes and saves them in a text file named 'PHONEBOOK.TXT'. This text file is created in C:\System\Mail folder.

3. While the victim waits as advised, the Trojan continuously tries to send 'PHONEBOOK.TXT' to the first Bluetooth enabled device it finds. After a while, a message appears saying Done!!! Press OK to exit.

4. Now, the text file accepted by the target phone contains all Contacts as well as Notes.

                                                       


Removal:

1. Open FExplorer.
2. Go to C:\System\Mail.
3. Delete the file named 'PHONEBOOK.TXT'.
4. Go to Application manager.
5. Select PBExplorer and remove it.

Write-up by Me.