CallJam malware infects Androids and keeps ringing premium rate numbers

David Bisson


A new mobile malware known as “CallJam” loves to continuously hit up premium phone numbers from the Android devices it infects.

Just like other Android trojans (such as Android.Xiny.19.origin and the DroidJack remote access tool), CallJam likes to masquerade as downloadable games in the official Google Play Store.

Specifically, this particular malware takes the form of a game called “Gems Chest for Clash Royale.”

As many as 500,000 people have downloaded the malicious app since someone first uploaded it to the Google Play Store back in May 2016.


That doesn’t bode well for the wallets of half a million Android users, as CallJam is all about making money for its developers. It does this in a number of ways.

First, the malware redirects victims to malicious websites that display fraudulent advertisements. Those ads, in turn, generate revenue for CallJam’s authors.

Second, after the trojan gains administrator privileges (or rather requests them from the user), it contacts its command and control (C&C) server to have some fun.

Oren Koriat and Elena Root of the Check Point Research Team explain what happens next:

“The C&C server then sends CallJam a command with a targeted premium phone number and the desired length of the call. Then it initiates a call using the parameters provided, generating potentially large revenues for the attackers.”

All at the expense of the victims involved!

Hang on. Let’s get something straight: by no means is CallJam the first Android malware to leverage premium phone numbers in an effort to make money for its authors. It follows in the footsteps of Podec and other trojans.

What makes the malware different, however, is its four-star rating on the Google Play Store.


That’s because CallJam asks users to rate the app before it initiates, presumably with the promise that they’ll receive some in-game reward.

Smart thinking, note Koriat and Root:

“This is another reminder that attackers can develop high-reputation apps and distribute them on official app stores, putting devices and sensitive data at risk.”

Fortunately, it’s not too difficult to protect against threats like CallJam.

Before they download an app, Android users (and all mobile users, for that matter) should always read the reviews and see if anyone’s comments raise a red flag. They should also always be wary about what permissions their apps ask of them. If an app asks for more permissions than it should, something’s likely off, which means the user shouldn’t download it.
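The permissions check described above can also be run against an app's decoded `AndroidManifest.xml` before it is installed. The following is an added example, not code from the article or from Check Point's research. It flags an app that both requests the standard `android.permission.CALL_PHONE` permission and declares a device administrator receiver, the two capabilities the behaviour described above depends on. The article does not list CallJam's actual manifest entries, so the package name, receiver name and sample manifest are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"

# Constructed sample: decoded manifest of a hypothetical "game" package.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.freegems">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application android:label="Free Gems">
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
""".strip()


def audit_manifest(xml_text):
    """Return findings for call and device-admin capabilities in a manifest."""
    root = ET.fromstring(xml_text)
    findings = []
    requested = {e.get(NAME) for e in root.iter("uses-permission")}
    if "android.permission.CALL_PHONE" in requested:
        # CALL_PHONE lets an app start a call without the dialer confirmation.
        findings.append("call: requests android.permission.CALL_PHONE")
    for receiver in root.iter("receiver"):
        actions = {a.get(NAME) for a in receiver.iter("action")}
        if (receiver.get(PERMISSION) == "android.permission.BIND_DEVICE_ADMIN"
                or "android.app.action.DEVICE_ADMIN_ENABLED" in actions):
            findings.append(f"admin: device admin receiver {receiver.get(NAME)}")
    return findings


def is_suspicious(xml_text):
    """True when an app can both place calls and ask for device admin."""
    kinds = {f.split(":", 1)[0] for f in audit_manifest(xml_text)}
    return {"call", "admin"} <= kinds


if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST):
        print(finding)
    print("suspicious:", is_suspicious(SAMPLE_MANIFEST))
```

Either capability alone has legitimate uses; it is the combination in an app presented as a game that warrants a closer look.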

David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.