Lookout researchers have analyzed the interesting threat

Dec 10, 2013 14:51 GMT  ·  By

A new version of the MouaBad mobile malware is capable of making phone calls from infected phones without user interaction. Researchers from Lookout have analyzed the threat, which they called MouaBad.p.

Earlier versions of the malware were mainly developed to send out SMS messages to premium rate numbers from infected phones. For each of the messages sent out, the victim would be charged a certain amount of money.

MouaBad.p, on the other hand, is capable of sending SMSs and making calls. Lookout believes that this threat is the first one that’s capable of making calls to premium rate numbers without user interaction.

“The method Mouabad.p uses to make and end calls is unusual in that it uses reflection to access private methods in TelephonyManager to make and end calls (as opposed to the more common use of intents),” Lookout experts noted in a blog post.

However, experts note that MouaBad is not difficult to identify since it’s not designed to modify call logs. This means that all the calls it makes will show up on the call history screen.

Another thing about this Trojan is that it only works on Android versions older than 3.1, which means that the risk of infection is low. Furthermore, the malware appears to be designed to mainly target Chinese-speaking users.

It’s also worth noting that MouaBad.p employs some clever techniques to evade detection. The calls it makes are immediately ended if the user interacts with the device. Furthermore, it attempts to gain privileged device access to become more difficult to remove.

Experts believe the threat is most likely distributed with the aid of rogue applications.

Another interesting thing mentioned by Lookout is the fact that MouaBad’s dialing functionality can be utilized for other malicious purposes, including spying on conversations.