Sneaky Android malware calls premium rate numbers when you’re not looking
You might think that dialer malware went out with dial-up modems and that in these days of broadband you don't need to worry about viruses that call premium rate numbers in order to earn criminals money.
But researchers at mobile security specialist Lookout have uncovered a new piece of malware called Mouabad.p that tries to make money by making calls from your Android smartphone. Of course, smartphone fraud involving premium SMS messages isn't new, but making calls represents a step up in the malware's functionality.
Writing on the company's blog Lookout's product marketing manager John Gamble says, "Mouabad.p is particularly sneaky and effective in its aim to avoid detection. For example, it waits to make its calls until a period of time after the screen turns off and the lock screen activates. Mouabad.p also ends the calls it makes as soon as a user interacts with their device (e.g. unlocks it)".
It isn't clever enough to modify call logs, however, so victims could uncover its activity by checking their histories. Like other members of the Mouabad family this one also allows attackers to send SMS messages and control various settings relating to premium SMS billing. The malware is believed to be delivered via a dropper app that loads it in the background during its own installation.
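Because the call log is left intact, the behaviour described above can be looked for after the fact. The following is an added example, not code from Lookout or from the original article: it correlates a call-log export with screen on/off events and flags outgoing calls that began while the screen was off, noting whether the hang-up coincided with an unlock. The record formats, timestamps, placeholder numbers and the `slack` tolerance are all assumptions made for illustration.

```python
from bisect import bisect_right
from datetime import datetime, timedelta

# Constructed sample data (not from Lookout's report); numbers are placeholders.
SCREEN = [  # (timestamp, state) where state is "off" or "unlocked"
    ("2013-12-09T01:50:00", "off"),
    ("2013-12-09T02:31:40", "unlocked"),
    ("2013-12-09T02:40:00", "off"),
    ("2013-12-09T09:01:30", "unlocked"),
    ("2013-12-09T09:10:00", "off"),
    ("2013-12-09T13:00:00", "unlocked"),
]
CALLS = [  # (start, end, direction, number)
    ("2013-12-09T02:14:05", "2013-12-09T02:31:41", "outgoing", "PLACEHOLDER-PREMIUM"),
    ("2013-12-09T09:02:10", "2013-12-09T09:05:30", "outgoing", "PLACEHOLDER-CONTACT"),
    ("2013-12-09T11:00:00", "2013-12-09T11:03:00", "incoming", "PLACEHOLDER-CALLER"),
    ("2013-12-09T12:20:00", "2013-12-09T12:25:00", "outgoing", "PLACEHOLDER-HEADSET"),
]

def suspicious_calls(calls, screen_events, slack=timedelta(seconds=2)):
    """Return outgoing calls that began while the screen was off."""
    events = sorted((datetime.fromisoformat(t), s) for t, s in screen_events)
    times = [t for t, _ in events]
    unlocks = [t for t, s in events if s == "unlocked"]
    flagged = []
    for start, end, direction, number in calls:
        if direction != "outgoing":
            continue
        start, end = datetime.fromisoformat(start), datetime.fromisoformat(end)
        i = bisect_right(times, start) - 1   # last screen event at or before start
        if i < 0 or events[i][1] != "off":
            continue                          # unknown state, or user was at the screen
        flagged.append({
            "number": number,
            "start": start.isoformat(),
            "idle_seconds": int((start - times[i]).total_seconds()),
            # Hang-up coinciding with an unlock matches the described behaviour;
            # slack (an assumed tolerance) absorbs clock skew between the logs.
            "ended_on_unlock": any(abs(u - end) <= slack for u in unlocks),
        })
    return flagged

if __name__ == "__main__":
    for hit in suspicious_calls(CALLS, SCREEN):
        print(hit)
```

A call flagged with `ended_on_unlock` set deserves the closest look; one flagged without it may simply be a legitimate call placed from a headset while the screen was off.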
The good news is that detection rates are low and the malware only works on Android versions older than 3.1, so owners of newer devices are safe. It's also mainly restricted to Chinese-speaking regions, and since premium rate calls rely on country-specific numbers there's little incentive for it to spread.
This doesn't mean that users elsewhere or with newer Android versions should get complacent though. As Gamble says, "In the world of mobile malware Mouabad.p is noteworthy because it can initiate a call without user intervention. In addition, Mouabad.p is specifically engineered to evade detection and deletion, concealing its background activities from users wherever possible and attempting to get privileged device access to make itself more difficult to remove".
To protect themselves, Android users are advised to install apps only from trusted stores, make sure the system setting Unknown Sources is unchecked to prevent drive-by downloads, and install a mobile security app.