Categories: MobilityWorkspace

Mobile Malware Could Hit Users With Hidden Charges

Attackers have laced applications for Windows Mobile devices with malware that could cost users serious money in unauthorised charges.

The offending apps are “3D Anti-Terrorist,” “PDA Poker Art” and a Codec pack for Windows Mobile 1.0, and were available on several sites providing legitimate mobile software, according to Kevin Mahaffey, CTO of mobile security company Lookout. The company is currently trying to contact sharewareplaza.com, which is the only remaining site researchers found still offering the infected games, he said.

3D Anti-Terrorist

This is not the first mention of “3D Anti-Terrorist” in connection with malware. Researchers at Symantec reported in April that attackers had bundled a malicious dialer dubbed the Terred Trojan with the game.

“When a device becomes infected, the malware stays dormant for approximately three days, then wakes up and dials between four and six premium-rate international numbers, depending on which version of the malware was installed on the device,” Mahaffey explained. “After the first round of dialing, the malware stays dormant for one month, then dials the same numbers again, repeating the process every month afterward.”

Unauthorised Charges

The scheme could potentially ring up large amounts of unauthorised charges if unchecked.

“By waiting several days before waking up, the malware [makes it so that the problem] isn’t apparent to a user—if your phone starts making strange-looking calls immediately after installing a game, you’d know exactly why,” Mahaffey said. “Because the game is functional, a user is also unlikely to uninstall it. The only evidence of malicious behavior is strange international numbers on a user’s phone bill or in their call history. Reports of $10 and $20 monthly charges resulting from this malware have surfaced on developer forums. More sophisticated malware could hide its tracks by removing entries from the call history.”

The original “3D Anti-Terrorist” game was developed by Huike, a Chinese company, and there is evidence that the game was repackaged with malware in Russia, which is the home of most of the world’s auto-dialer malware, Mahaffey said.

“People who had previously downloaded the ‘3D Anti-Terrorist’ game, Codec Audio pack or ‘PDA Poker Art’ game should do a thorough check of their call history and phone bill for any unfamiliar or international phone numbers,” he said. “They should also download an antivirus software [application] that has been updated to fix this malware … Users should also make a habit of using antivirus software on their phone if they download applications regularly.”

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

4 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

4 days ago