MouaBad Android malware earns money by making phone calls

Money-making Android malwareIf you're old enough to remember the days before broadband, you may well recall the problem of Dialer trojan horses. Having infected your PC, they would commandeer your modem and make phone calls to expensive premium rate numbers - earning criminals money in the process.

With the advent of broadband, and modems being consigned to the dustbin, some people probably thought they had seen the last of the premium rate dialer threat.

How wrong they were.

Security researchers at Lookout have reported on a newly discovered piece of malware, that attempts to make money by making phone calls from your infected Android smartphone without requiring any user interaction.

Of course, it's not unknown for Android malware to send SMS messages in their attempt to commit premium-rate fraud, but making phone calls takes things to a new level.

Before you panic, however, there are some caveats.

Firstly, Lookout reports that the malware (which they call MouaBad.p) only works on Android versions older than 3.1. So owners of more modern devices, or those who have been able to keep their mobile operating system updated, shouldn't be at risk.

Secondly, the malware appears to make no attempt to hide its surreptitious calls from the call history - making it easy for users to spot.

And thirdly, the threat does not appear to be widespread and appears to be Chinese-specific. Of course, there's nothing to stop cybercriminals in other parts of the world attempting similar premium rate fraud with their own Android malware.

Lookout also warns that MouaBad's functionality could be used with other malicious intentions:

In theory, this dialing functionality could also be used for other malicious purposes such as remotely spying on conversations within the vicinity of a device microphone, or simply running up a victim’s wireless bill.

My advice is that everyone who owns an Android device should seriously consider running an anti-virus, and take care about where they download their Android apps from. In all likelihood, Mouabad has been distributed by its creators via rogue applications, perhaps shared via unofficial app stores.

Learn more about the MouaBad malware by reading Lookout's blog post.

Tags: , , , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , , , ,

One Response

  1. Robert Connor

    December 11, 2013 at 3:32 pm #

    Is this really a surprise – no and will only get abused more!

Leave a Reply