Mobile malware that sends premium SMS messages and calls from Android devices has been detected.
According to research released by ZScaler, the functions of MouaBad.P include making calls to premium numbers in order to generate revenue, harvesting SIM card information and checking for internet connectivity. It found that the premium rate numbers are all located in China.
“Forcing Android applications to initiate calls to premium phone numbers controlled by the attackers is a common revenue generation scheme that we see, particularly in Android applications distributed in third party Android app stores,” it said.
The malware apparently watches the screen and keyguard status; and functions seen by ZScaler suggest that it has the ability to make calls, end calls and cancel a missed call notification.
“The application installs itself silently. Once installed, no icon is observed for this app. Also shown in the previous screenshot is the fact that the application waits for the screen and keyguard events before triggering its malicious activity,” the report said.
“It does all of the activity without user intervention. This allows the malware to function without a suspicious icon on the home screen that just one of technique used by malware authors to evade its presence to the device owner.”
Also this week, FireEye detected the mobile botnet MisoSMS that has been used in at least 64 spyware campaigns. This botnet leverages webmail services for its command and control infrastructure. Once installed, this application sends stolen SMS messages to the attacker’s email address over an SMTP connection.
Mobile analyst Alan Goode told IT Security Guru that these campaigns have targeted users in China and Korea where ‘unofficial’ app stores are not as well protected against malware as ‘official’ stores.
“Currently if you reside in a regulated country like the UK, most of the EU countries and USA, the chances of being affected by mobile malware are very low. There are also more examples of users going to file-sharing networks to download pirated mobile apps – a lot of which will be Trojans,” he said.
“In our research for Ofcom from earlier this year, the consensus was that [mobile malware] was something that wasn’t currently prevalent, but needed constant monitoring in case things escalated. Android is getting better as a platform for security; the biggest issue is getting more users onto later versions (v 4.0 onwards) that have less vulnerabilities. There are still a lot of users that are on older versions that are known to be vulnerable.”
He also said that he was not aware if mobile botnets were typical, but he assumed that they existed mainly in countries such as those where ‘unofficial’ app stores are popular.
