14 DAY TRIAL // Mobile security experts from Check Point have stumbled upon a new Android malware variant that specializes in showing ads and making hidden calls to premium service numbers.
Check Point named this malware CallJam, due to the large number of calls it makes after infecting users.
The only app through which Android users got infected with CallJam is named Gems Chest for Clash Royale, which Google removed today after Check Point released its report.
CallJam shows ads inside browsers, not inside the app
Before being taken down, the app had between 100,000 and 500,000 downloads, a positive rating of 4.0.
Check Point says that this rating was fake and does not reflect its true nature because the app rewarded users who gave it a rating using in-game currency.
At the technical level, CallJam is more tricky than fellow adware variants because it does not intrude on the user's gaming experience by overlaying ads. It does this by opening a browser and showing the ads there.
The app's more deadly feature is its ability to place premium calls. Fortunately, the app needs to request permissions for this behavior, but we all know how some users just go through all the permissions popups and install whatever is presented to them.
As such, CallJam has managed to infect quite a large number of users, placing calls on their behalf, earning revenue for the crook, and creating unwanted costs for victims.
Almost every month, there's an incident like this
One of the users spotted this behavior and even submitted a review on the app's Google Play Store page, where he wrote, "It [the app] dialed a wrong international no. [number] Continuously Wtf."
At the start of September, Check Point also detected the DressCode Android malware hidden in over 40 apps uploaded on the Google Play store.
In August, the Intel McAfee team uncovered another six apps that also managed to bypass Google's strict security measures.
