Premium rate calling Android malware spotted in the wild

The Chinese IT security firm says that infected Droid apps such as Drag Racing, Donkey Jump, Jungle Monkey and Gold Miner were found to be infected with the malware code.

Infosecurity notes that this is a similar scam to the widely-reported DroidDream infections seen earlier this year, when legitimate apps were re-uploaded to the Android Market – Google's equivalent of iTunes – and offered for free download.

This time around, however, the cybercriminals have eschewed the Android Market in favour of various Android forums.

The malware code that is infecting the apps is known as BaseBridge and, says NetQin, during the app install process, the user is asked whether s/he wishes to upgrade, and the malware installs as ''

According to NetQin, BaseBridge has three main services – AdSmsService, BridgeProvider and PhoneService – that appear to access a control server, from which the malware downloads a configuration file to read related information and dial calls or send out SMS messages, so incurring premium fees for the user.

Interestingly, BaseBridge is also said to block text or cell broadcast messages alerting users to the fact that they are incurring fees.

Unconfirmed reports suggest that non-cellular-enabled Android devices such as the WiFi-only versions of the Asus Transformer and Galaxy Tab are also affected by the malware, since BaseBridge places calls via any VoIP services such as Skype on the system, presumably using a simple COM code call, Infosecurity notes.

The malware is also billed as being capable of inserting messages to the inbox of a mobile device at a designated time.

NetQin says that this is the first time this type of self-dialling premium rate malware has been seen in the wild on Android devices, although similar code has been seen on Symbian devices.

What’s Hot on Infosecurity Magazine?