Security researchers John Gamble and team identified a new and particularly interesting variant of Mouabad, which we’ve dubbed MouaBad.p. For the first time, remote attackers can now make phone calls (possibly to premium-rate numbers) without user intervention. This represents a significant jump in functionality compared to more common premium-rate fraud that relies on SMS functionality.
Malicious mobile software often sends SMS texts to premium rate numbers, but this may be the first time Android malware has been caught making calls without the users’ permission, according to researchers at Lookout.
The good news is that the risk of infection is low. Mouabad.p only works on Android versions older than 3.1 since apps won’t start from intents (like “user_present”) in later Android versions and Mouabad.p does not have a launcher shortcut.
Lookout detection volumes of Mouabad.p are low and restricted primarily to Chinese-speaking regions. Since premium-rate SMS and telephone calls rely on country specific phone numbers Mouabad.p will not function outside of targeted countries so there is no incentive for the attackers controlling it to allow it to spread outside these regions.
MouaBad.p depends on hooks into the operating system (known as intents) that start the app each time the device boots and whenever the device unlocks. This enables the malware to function without a suspicious icon on the home screen that might otherwise alert the device owner to its presence.
Android device should seriously consider running an anti-virus, and take care about where they download their Android apps from. In all likelihood, Mouabad has been distributed by its creators via rogue applications, perhaps shared via unofficial app stores.
The malware only works on android older than version 3.1. So, those who have the latest android version need not to worry.
Malicious mobile software often sends SMS texts to premium rate numbers, but this may be the first time Android malware has been caught making calls without the users’ permission, according to researchers at Lookout.
The good news is that the risk of infection is low. Mouabad.p only works on Android versions older than 3.1 since apps won’t start from intents (like “user_present”) in later Android versions and Mouabad.p does not have a launcher shortcut.
Lookout detection volumes of Mouabad.p are low and restricted primarily to Chinese-speaking regions. Since premium-rate SMS and telephone calls rely on country specific phone numbers Mouabad.p will not function outside of targeted countries so there is no incentive for the attackers controlling it to allow it to spread outside these regions.
MouaBad.p depends on hooks into the operating system (known as intents) that start the app each time the device boots and whenever the device unlocks. This enables the malware to function without a suspicious icon on the home screen that might otherwise alert the device owner to its presence.
Android device should seriously consider running an anti-virus, and take care about where they download their Android apps from. In all likelihood, Mouabad has been distributed by its creators via rogue applications, perhaps shared via unofficial app stores.
The malware only works on android older than version 3.1. So, those who have the latest android version need not to worry.
Thank you for sharing the informative post and the fact about the scam. If you want to have secure premium number just visit http://www.audiotextsolutions.com/
ReplyDelete