Advanced Android Malware Seen Calling Premium Rate Numbers

A piece of Android malware has been spotted calling premium rate numbers to make money for cyber crooks.

Malicious mobile software often sends SMS texts to premium rate numbers, but this may be the first time Android malware has been caught making calls without the users’ permission, according to researchers at Lookout.

Android malware scare

To avoid detection, the malware, which is also capable of sending messages to premium rate numbers, waits for a period of time after the phone screen turns off and the lock screen activates before making calls. It also ends the call as soon as the owner starts using the device.

It does not show up as an icon on the home screen either, thanks to clever use of “intents” in the Android OS. Intents can be used to call on other Android components to carry out functions.

Yet the premium numbers still show in the call logs, which the malware cannot modify.

Lookout, which dubbed the malware MouaBad.p, said it represented “a significant jump in functionality”, even if UK users might not have much to worry about.

“The good news is that the risk of infection is low. Mouabad.p only works on Android versions older than 3.1 since apps won’t start from intents (like “user_present”) in later Android versions and Mouabad.p does not have a launcher shortcut,” the company wrote in a blog post.

“Lookout detection volumes of Mouabad.p are low and restricted primarily to Chinese-speaking regions. Since premium-rate SMS and telephone calls rely on country specific phone numbers Mouabad.p will not function outside of targeted countries so there is no incentive for the attackers controlling it to allow it to spread outside these regions.”

What do you know about Internet security? Find out with our quiz!