MouaBad Android malware earns money by making phone calls

Graham Cluley
Graham Cluley
@[email protected]

Money-making Android malware If you’re old enough to remember the days before broadband, you may well recall the problem of Dialer trojan horses. Having infected your PC, they would commandeer your modem and make phone calls to expensive premium rate numbers – earning criminals money in the process.

With the advent of broadband, and modems being consigned to the dustbin, some people probably thought they had seen the last of the premium rate dialer threat.

How wrong they were.

Security researchers at Lookout have reported on a newly discovered piece of malware, that attempts to make money by making phone calls from your infected Android smartphone without requiring any user interaction.

Sign up to our free newsletter.
Security news, advice, and tips.

Of course, it’s not unknown for Android malware to send SMS messages in their attempt to commit premium-rate fraud, but making phone calls takes things to a new level.

Before you panic, however, there are some caveats.

Firstly, Lookout reports that the malware (which they call MouaBad.p) only works on Android versions older than 3.1. So owners of more modern devices, or those who have been able to keep their mobile operating system updated, shouldn’t be at risk.

Secondly, the malware appears to make no attempt to hide its surreptitious calls from the call history – making it easy for users to spot.

And thirdly, the threat does not appear to be widespread and appears to be Chinese-specific. Of course, there’s nothing to stop cybercriminals in other parts of the world attempting similar premium rate fraud with their own Android malware.

Lookout also warns that MouaBad’s functionality could be used with other malicious intentions:

In theory, this dialing functionality could also be used for other malicious purposes such as remotely spying on conversations within the vicinity of a device microphone, or simply running up a victim’s wireless bill.

My advice is that everyone who owns an Android device should seriously consider running an anti-virus, and take care about where they download their Android apps from. In all likelihood, Mouabad has been distributed by its creators via rogue applications, perhaps shared via unofficial app stores.

Learn more about the MouaBad malware by reading Lookout’s blog post.

Found this article interesting? Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “MouaBad Android malware earns money by making phone calls”

  1. Is this really a surprise – no and will only get abused more!

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.