Android malware discovered calling premium rate numbers

Virus dials up pricey phone lines instead of just texting them.

Android logo

Security researchers have found malware on Android phones that are capable of dialling up premium rate phone numbers in a bid to make money for cyber scammers.

While there are plenty of instances of malware sending text messages to expensive numbers, racking up huge phone bills for victims, this could be the first incident were the malware makes calls without the user's permission, a researcher at IT security company Lookout said.

In a blog post, Lookout researcher John Gamble said the malware, dubbed Mouabad, waits until the phone display switches off and the lock screen activates before making calls. The malware also sends text messages.

"Mouabad.p also ends the calls it makes as soon as a user interacts with their device (e.g. unlocks it)," he said.

"However, this malware variant does not appear to have the ability to modify call logs so a discerning victim could uncover Mouabad.p's dialling activity by checking their call histories."

Gamble noted that the risk of infection is low as the malware only works on Android versions older than 3.1 since apps won't start from intents (like "user_present") in later Android versions and Mouabad.p does not have a launcher shortcut.

The malware is also currently restricted to affecting phones in Chinese-speaking regions as the premium-rate SMS and telephone calls rely on country specific phone numbers.

"Mouabad.p will not function outside of targeted countries so there is no incentive for the attackers controlling it to allow it to spread outside these regions," said Gamble.

He said the malware representing a "significant jump in functionality" even if users outside these regions were currently unaffected.

Gamble added the command-and-control server is currently down so the exact dialling targets are unknown, "but targeting premium rate telephone numbers could offer the attackers an effective monetisation strategy and would be a logical extension of the Mouabad family's predilection for premium-rate fraud."

He warned that the malicious functionality could also be used for other malicious purposes such as remotely spying on conversations within the vicinity of a device microphone, or simply running up a victim's mobile bill.

The firm warned users to only install apps from trusted stores, and make sure that the Android system setting Unknown sources' is unchecked to prevent dropped or drive-by-download app installs. 

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021
HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021
What is cyber warfare?
Security

What is cyber warfare?

15 Oct 2021