11 Dec 2013

Mouabad Android Malware calling to Premium numbers; Generating revenue for its Master

Android platform is a primary target for malware attacks from few years and during 2013, more than 79% of mobile operating malware threats are taking place on Android OS. 

Mouabad Android Malware calling to Premium numbers for generating revenue its Master


Till now we have seen the majority of Android malware apps that earn money for their creators by sending SMS messages to premium rate numbers from infected devices. 

Security researchers at Lookout identified an interesting monetized Android Malware labeled as 'Mouabad', that allow a remote attacker to make phone calls to premium-rate numbers without user interaction from C&C servers by sending commands to the malware.

The technique is not new, but infection from such app notified first time in the wild. The variant dubbed MouaBad.p., is particularly sneaky and to avoid detection it waits to make its calls until a period of time after the screen turns off and the lock screen activates.

"Mouabad.p also end the calls it makes as soon as a user interacts with their device (e.g. unlocks it). However, this malware variant does not appear to have the ability to modify call logs so a discerning victim could uncover Mouabad.p’s dialing activity by checking their call histories." 

Risk of infection is low, because the malware app works only on devices running Android version 3.1 or old and designed to mainly target Chinese-speaking users. 

"Mouabad.p and other trojans that can financially harm users and effectively hide themselves underscore the need for sophisticated mobile malware protection.

Android architecture loophole contributes to the growth of Android malware. It basically can't identify the difference between a legit app i.e. Taking permissions to read your Contacts or SMS (i.e. True Caller),  or a malicious applications (i.e. Trojans), or state-sponsored applications (i.e. WeChat). 

Neither  Android architecture allows users to revoke the list of permissions they don't want to give to an application. For now, If you own a Smartphone, I highly recommend you to install applications only from some trusted App Store i.e. Google Play.

Source:The Hacker News