Attackers are targeting devices running Windows Mobile with malware hidden inside mobile apps. Users with infected phones could end up with hundreds of dollars' worth of unauthorized charges to overseas numbers, warns security company Lookout.
Attackers have laced applications for Windows Mobile devices with malware that could cost users serious money in unauthorized charges.
The offending apps are "3D Anti-Terrorist," "PDA Poker Art" and a Codec pack for Windows Mobile 1.0, and were available on several sites providing legitimate mobile software, according to Kevin Mahaffey, CTO of mobile security company Lookout. The company is currently trying to contact sharewareplaza.com, which is the only remaining site researchers found still offering the infected games, he said.
This is not the first mention of "3D Anti-Terrorist" in connection with malware. Researchers at Symantec reported in April that attackers had bundled a malicious dialer dubbed the Terred Trojan with the game.
"When a device becomes infected, the malware stays dormant for approximately three days, then wakes up and dials between four and six premium-rate international numbers, depending on which version of the malware was installed on the device," Mahaffey explained. "After the first round of dialing, the malware stays dormant for one month, then dials the same numbers again, repeating the process every month afterward."
The scheme could potentially ring up large amounts of unauthorized charges if unchecked.
"By waiting several days before waking up, the malware [makes it so that the problem] isn't apparent to a user - if your phone starts making strange-looking calls immediately after installing a game, you'd know exactly why," Mahaffey said. "Because the game is functional, a user is also unlikely to uninstall it. The only evidence of malicious behavior is strange international numbers on a user's phone bill or in their call history. Reports of $10 and $20 monthly charges resulting from this malware have surfaced on developer forums. More sophisticated malware could hide its tracks by removing entries from the call history."
The original "3D Anti-Terrorist" game was developed by Huike, a Chinese company, and there is evidence that the game was repackaged with malware in Russia, which is the home of most of the world's auto-dialer malware, Mahaffey said.
"People who had previously downloaded the '3D Anti-Terrorist' game, Codec Audio pack or 'PDA Poker Art' game should do a thorough check of their call history and phone bill for any unfamiliar or international phone numbers," he said. "They should also download an antivirus software [application] that has been updated to fix this malware ... Users should also make a habit of using antivirus software on their phone if they download applications regularly."
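
The call-history check recommended above can be scripted. The following is an added example, not code from the article, Lookout or Symantec: it scans an exported call log for bursts of four or more outgoing international numbers that repeat about a month apart, which is the dialing pattern the article describes. The log format, the home country code, the time thresholds and every number and date in the sample are constructed assumptions.

```python
from datetime import datetime, timedelta

HOME_PREFIX = "+1"                  # assumption: the subscriber's own country code
BURST_GAP = timedelta(hours=1)      # calls closer together than this form one burst
MONTH = (timedelta(days=26), timedelta(days=35))  # tolerance for "one month later"

# Constructed sample export: timestamp,direction,number (+999 is not an assigned code)
SAMPLE_LOG = """\
2010-06-01T09:00:00,out,+12025550123
2010-06-04T03:00:00,out,+9990000001
2010-06-04T03:02:00,out,+9990000002
2010-06-04T03:04:00,out,+9990000003
2010-06-04T03:06:00,out,+9990000004
2010-06-10T12:00:00,out,+9990000099
2010-06-20T18:30:00,in,+9990000001
2010-07-04T03:00:00,out,+9990000001
2010-07-04T03:02:00,out,+9990000002
2010-07-04T03:04:00,out,+9990000003
2010-07-04T03:06:00,out,+9990000004
"""

def parse_log(text):
    """Return time-sorted (datetime, number) pairs for outgoing calls only."""
    calls = []
    for line in text.strip().splitlines():
        ts, direction, number = (f.strip() for f in line.split(","))
        if direction == "out":
            calls.append((datetime.fromisoformat(ts), number))
    return sorted(calls)

def international_bursts(calls):
    """Group outgoing international calls that follow each other closely."""
    bursts = []
    for ts, number in calls:
        if number.startswith(HOME_PREFIX) or not number.startswith("+"):
            continue  # domestic or non-international format: not of interest here
        if bursts and ts - bursts[-1]["end"] <= BURST_GAP:
            bursts[-1]["numbers"].add(number)
            bursts[-1]["end"] = ts
        else:
            bursts.append({"start": ts, "end": ts, "numbers": {number}})
    return bursts

def recurring_dialer_pattern(calls, min_numbers=4):
    """Find bursts of >= min_numbers numbers repeated with the same set a month apart."""
    bursts = [b for b in international_bursts(calls) if len(b["numbers"]) >= min_numbers]
    return [(a["start"], b["start"], sorted(a["numbers"]))
            for i, a in enumerate(bursts) for b in bursts[i + 1:]
            if MONTH[0] <= b["start"] - a["start"] <= MONTH[1] and a["numbers"] == b["numbers"]]
```

A hit is only a lead for checking the bill and the installed apps, and as the article notes, malware that deletes call-history entries would not show up in a log exported from the device itself.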