How to make money with mobile malware

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Old phone
Remember the old days of dialler Trojan horses?

Back when most of us didn’t have broadband at home, and connected to the internet via a modem, we saw a type of malware which could take advantage of the phone line plugged into the back of your PC and dial an expensive premium rate number.

In this way, criminal hackers could make money out of your infected computer – and you might know anything about it until you received an expensive telephone bill.

Dialler Trojan horses went the way of the dinosaur as consumers turned their back on modem connections and adopted broadband en masse.

Sign up to our free newsletter.
Security news, advice, and tips.

But, as F-Secure’s Mikko Hypponen explained today at the Virus Bulletin conference, the threat may have returned in a different form through the use of virtual premium rate numbers.

3d anti-terrorist action
Earlier this year I described the Terdial Trojan horse, which was distributed posing as a Windows mobile game called “3D Anti-terrorist action”, but appeared to make calls to Antarctica, Dominican Republic, Somalia and Sao Tome and Principe without the owner’s permission.

So how did it make money for the hackers?

Well, it transpires that although the Trojan did make phone calls to numbers associated with various far-flung corners of the world, the calls never made it that far.

That’s because the phone numbers were what are known as virtual numbers. It’s perfectly possible to find telephone operators on the web who will rent you premium phone number associated with, say, Antarctica, and pay you every time that a call is made.

Unlike other legitimate premium rate numbers (such as 1-900 in USA), there is no regulation preventing abuse of the virtual numbers, and the ‘owner’ of the number gets paid instantly rather than having to wait 30 days.

And your call never actually gets as far as Antarctica or North Korea. It’s stopped in your own country, but you’re still billed as though you rang that far away place.

The days of Trojan horses making money out of dial-up modem connections may be long gone, but here’s a model for money-making that mobile malware authors could certainly exploit.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.