Security researchers have found malware on Android phones that are capable of dialling up premium rate phone numbers in a bid to make money for cyber scammers.
While there are plenty of instances of malware sending text messages to expensive numbers, racking up huge phone bills for victims, this could be the first incident were the malware makes calls without the user's permission, a researcher at IT security company Lookout said.
In a blog post, Lookout researcher John Gamble said the malware, dubbed Mouabad, waits until the phone display switches off and the lock screen activates before making calls. The malware also sends text messages.
"Mouabad.p also ends the calls it makes as soon as a user interacts with their device (e.g. unlocks it)," he said.
"However, this malware variant does not appear to have the ability to modify call logs so a discerning victim could uncover Mouabad.p's dialling activity by checking their call histories."
Gamble noted that the risk of infection is low as the malware only works on Android versions older than 3.1 since apps won't start from intents (like "user_present") in later Android versions and Mouabad.p does not have a launcher shortcut.
The malware is also currently restricted to affecting phones in Chinese-speaking regions as the premium-rate SMS and telephone calls rely on country specific phone numbers.
"Mouabad.p will not function outside of targeted countries so there is no incentive for the attackers controlling it to allow it to spread outside these regions," said Gamble.
He said the malware representing a "significant jump in functionality" even if users outside these regions were currently unaffected.
Gamble added the command-and-control server is currently down so the exact dialling targets are unknown, "but targeting premium rate telephone numbers could offer the attackers an effective monetisation strategy and would be a logical extension of the Mouabad family's predilection for premium-rate fraud."
He warned that the malicious functionality could also be used for other malicious purposes such as remotely spying on conversations within the vicinity of a device microphone, or simply running up a victim's mobile bill.
The firm warned users to only install apps from trusted stores, and make sure that the Android system setting Unknown sources' is unchecked to prevent dropped or drive-by-download app installs.
