Malware Hidden in Windows Mobile Applications

 
 
By Brian Prince  |  Posted 2010-06-07 Email Print this article Print
 
 
 
 
 
 
 

Attackers are targeting devices running Windows Mobile with malware hidden inside mobile apps. Users with infected phones could end up with hundreds of dollars' worth of unauthorized charges to overseas numbers, warns security company Lookout.

Attackers have laced applications for Windows Mobile devices with malware that could cost users serious money in unauthorized charges.

The offending apps are "3D Anti-Terrorist," "PDA Poker Art" and a Codec pack for Windows Mobile 1.0, and were available on several sites providing legitimate mobile software, according to Kevin Mahaffey, CTO of mobile security company Lookout. The company is currently trying to contact sharewareplaza.com, which is the only remaining site researchers found still offering the infected games, he said.

This is not the first mention of "3D Anti-Terrorist" in connection with malware. Researchers at Symantec reported in April that attackers had bundled a malicious dialer dubbed the Terred Trojan with the game.

"When a device becomes infected, the malware stays dormant for approximately three days, then wakes up and dials between four and six premium-rate international numbers, depending on which version of the malware was installed on the device," Mahaffey explained. "After the first round of dialing, the malware stays dormant for one month, then dials the same numbers again, repeating the process every month afterward."

The scheme could potentially ring up large amounts of unauthorized charges if unchecked.

"By waiting several days before waking up, the malware [makes it so that the problem] isn't apparent to a user-if your phone starts making strange-looking calls immediately after installing a game, you'd know exactly why," Mahaffey said. "Because the game is functional, a user is also unlikely to uninstall it. The only evidence of malicious behavior is strange international numbers on a user's phone bill or in their call history. Reports of $10 and $20 monthly charges resulting from this malware have surfaced on developer forums. More sophisticated malware could hide its tracks by removing entries from the call history."

The original "3D Anti-Terrorist" game was developed by Huike, a Chinese company, and there is evidence that the game was repackaged with malware in Russia, which is the home of most of the world's auto-dialer malware, Mahaffey said.

"People who had previously downloaded the '3D Anti-Terrorist' game, Codec Audio pack or 'PDA Poker Art' game should do a thorough check of their call history and phone bill for any unfamiliar or international phone numbers," he said. "They should also download an antivirus software [application] that has been updated to fix this malware ... Users should also make a habit of using antivirus software on their phone if they download applications regularly."

 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel