Point mobile research team has discovered new Android malware that it has dubbed CallJam.
CallJam malware includes a premium dialer to generate fraudulent phone calls as well as a rough adnet capable of forcibly displaying ads.
The malware is hidden inside the game “Gems Chest for Clash Royale” which was uploaded to Play in May. Since then, the game has been downloaded up to 500,000 times.
CallJam redirects victims to malicious websites that generate fraudulent revenue for the attacker. The app also displays fraudulent ads on these websites instead of displaying them directly on the device.
Before it can make premium calls, the app requests permission from the user. As has been seen in previous similar attacks, most users grant permissions willingly, often without reading or fully understanding information about the permissions they are granting.
The C&C server then sends CallJam a command with a targeted premium phone number and the desired length of the call. Then it initiates a call using the parameters provided, generating potentially large revenues for the attackers.
Some Android users who downloaded the infected game noticed this strange activity. Since it deceives the users as part of its activity, the game has been able to achieve a relatively high rating. Users are asked to rate the game before it initiates under the false pretense that they will receive additional game currency – another reminder that attackers can develop high-reputation apps and distribute them on official app stores, putting devices and sensitive data at risk.
With any downloaded game, you should read the fine print before agreeing to anything, no matter how good it looks. As the saying goes, nothing is really free.
Adapted from an article by ITonlin