IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Android malware discovered calling premium rate numbers

Virus dials up pricey phone lines instead of just texting them.

Android logo

Security researchers have found malware on Android phones that are capable of dialling up premium rate phone numbers in a bid to make money for cyber scammers.

While there are plenty of instances of malware sending text messages to expensive numbers, racking up huge phone bills for victims, this could be the first incident were the malware makes calls without the user's permission, a researcher at IT security company Lookout said.

In a blog post, Lookout researcher John Gamble said the malware, dubbed Mouabad, waits until the phone display switches off and the lock screen activates before making calls. The malware also sends text messages.

"Mouabad.p also ends the calls it makes as soon as a user interacts with their device (e.g. unlocks it)," he said.

"However, this malware variant does not appear to have the ability to modify call logs so a discerning victim could uncover Mouabad.p's dialling activity by checking their call histories."

Gamble noted that the risk of infection is low as the malware only works on Android versions older than 3.1 since apps won't start from intents (like "user_present") in later Android versions and Mouabad.p does not have a launcher shortcut.

The malware is also currently restricted to affecting phones in Chinese-speaking regions as the premium-rate SMS and telephone calls rely on country specific phone numbers.

"Mouabad.p will not function outside of targeted countries so there is no incentive for the attackers controlling it to allow it to spread outside these regions," said Gamble.

He said the malware representing a "significant jump in functionality" even if users outside these regions were currently unaffected.

Gamble added the command-and-control server is currently down so the exact dialling targets are unknown, "but targeting premium rate telephone numbers could offer the attackers an effective monetisation strategy and would be a logical extension of the Mouabad family's predilection for premium-rate fraud."

He warned that the malicious functionality could also be used for other malicious purposes such as remotely spying on conversations within the vicinity of a device microphone, or simply running up a victim's mobile bill.

The firm warned users to only install apps from trusted stores, and make sure that the Android system setting Unknown sources' is unchecked to prevent dropped or drive-by-download app installs. 

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021
Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021

Most Popular

Europe's first autonomous petrol station opens in Lisbon
automation

Europe's first autonomous petrol station opens in Lisbon

23 May 2022
Nvidia pauses hiring to help cope with inflation
Careers & training

Nvidia pauses hiring to help cope with inflation

23 May 2022
Windows 11's nifty new search feature has one major downside
Microsoft Windows

Windows 11's nifty new search feature has one major downside

23 May 2022