Mobile Malware Could Hit Users With Hidden Charges

Attackers have laced applications for Windows Mobile devices with malware that could cost users serious money in unauthorised charges.

The offending apps are “3D Anti-Terrorist,” “PDA Poker Art” and a Codec pack for Windows Mobile 1.0, and were available on several sites providing legitimate mobile software, according to Kevin Mahaffey, CTO of mobile security company Lookout. The company is currently trying to contact sharewareplaza.com, which is the only remaining site researchers found still offering the infected games, he said.

3D Anti-Terrorist

This is not the first mention of “3D Anti-Terrorist” in connection with malware. Researchers at Symantec reported in April that attackers had bundled a malicious dialer dubbed the Terred Trojan with the game.

“When a device becomes infected, the malware stays dormant for approximately three days, then wakes up and dials between four and six premium-rate international numbers, depending on which version of the malware was installed on the device,” Mahaffey explained. “After the first round of dialing, the malware stays dormant for one month, then dials the same numbers again, repeating the process every month afterward.”

Unauthorised Charges

The scheme could potentially ring up large amounts of unauthorised charges if unchecked.

“By waiting several days before waking up, the malware [makes it so that the problem] isn’t apparent to a user—if your phone starts making strange-looking calls immediately after installing a game, you’d know exactly why,” Mahaffey said. “Because the game is functional, a user is also unlikely to uninstall it. The only evidence of malicious behavior is strange international numbers on a user’s phone bill or in their call history. Reports of $10 and $20 monthly charges resulting from this malware have surfaced on developer forums. More sophisticated malware could hide its tracks by removing entries from the call history.”

The original “3D Anti-Terrorist” game was developed by Huike, a Chinese company, and there is evidence that the game was repackaged with malware in Russia, which is the home of most of the world’s auto-dialer malware, Mahaffey said.

“People who had previously downloaded the ‘3D Anti-Terrorist’ game, Codec Audio pack or ‘PDA Poker Art’ game should do a thorough check of their call history and phone bill for any unfamiliar or international phone numbers,” he said. “They should also download an antivirus software [application] that has been updated to fix this malware … Users should also make a habit of using antivirus software on their phone if they download applications regularly.”