Android malware discovered calling premium rate numbers
Virus dials up pricey phone lines instead of just texting them.
Security researchers have found malware on Android phones that are capable of dialling up premium rate phone numbers in a bid to make money for cyber scammers.
While there are plenty of instances of malware sending text messages to expensive numbers, racking up huge phone bills for victims, this could be the first incident were the malware makes calls without the user's permission, a researcher at IT security company Lookout said.
In a blog post, Lookout researcher John Gamble said the malware, dubbed Mouabad, waits until the phone display switches off and the lock screen activates before making calls. The malware also sends text messages.
"Mouabad.p also ends the calls it makes as soon as a user interacts with their device (e.g. unlocks it)," he said.
"However, this malware variant does not appear to have the ability to modify call logs so a discerning victim could uncover Mouabad.p's dialling activity by checking their call histories."
Gamble noted that the risk of infection is low as the malware only works on Android versions older than 3.1 since apps won't start from intents (like "user_present") in later Android versions and Mouabad.p does not have a launcher shortcut.
The malware is also currently restricted to affecting phones in Chinese-speaking regions as the premium-rate SMS and telephone calls rely on country specific phone numbers.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"Mouabad.p will not function outside of targeted countries so there is no incentive for the attackers controlling it to allow it to spread outside these regions," said Gamble.
He said the malware representing a "significant jump in functionality" even if users outside these regions were currently unaffected.
Gamble added the command-and-control server is currently down so the exact dialling targets are unknown, "but targeting premium rate telephone numbers could offer the attackers an effective monetisation strategy and would be a logical extension of the Mouabad family's predilection for premium-rate fraud."
He warned that the malicious functionality could also be used for other malicious purposes such as remotely spying on conversations within the vicinity of a device microphone, or simply running up a victim's mobile bill.
The firm warned users to only install apps from trusted stores, and make sure that the Android system setting Unknown sources' is unchecked to prevent dropped or drive-by-download app installs.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.