'Fee-Deduction' Malware On Android Spotted In the Wild

'Fee-Deduction' Malware On Android Spotted In the Wild 169

Posted by Soulskill on Tuesday May 31, 2011 @12:50PM from the another-day-another-threat dept.

wiredmikey writes "New malware has been discovered embedded in more than 20 Android applications circulating via various forums on the Internet which auto-dials phone numbers to incur high user fees. Dubbed BaseBridge, the malware can be embedded in legitimate applications, and during the application's installation, the malware prompts the user to upgrade. If the user chooses to upgrade, the malware is installed on the Android device under the name 'com.android.battery'. Then, another prompt would pop up to ask the user to restart the app to run it, and the malware is formally activated upon restart. Once activated, the malware can activate three malicious services — AdSmsService, BridgeProvider and PhoneService, to communicate with a control server, from which it will download a configuration file to read related information and dial calls or send out SMS messages, incurring fees for users."

'Fee-Deduction' Malware On Android Spotted In the Wild

This discussion has been archived. No new comments can be posted.

Search 169 Comments Log In/Create an Account

Comments Filter:

Um.. so which apps (Score:5, Insightful)

by bigredradio ( 631970 ) writes: on Tuesday May 31, 2011 @01:00PM (#36298770) Homepage Journal

It would be nice to see a list of the Apps. If there are "over 20" the list is probably not too large to post.

Re:Rather selfish (Score:5, Insightful)

by WhirlwindMonk ( 1975382 ) writes: on Tuesday May 31, 2011 @01:14PM (#36298992)

If only there were a setting to allow sideloading. One that's disabled by default to protect unsavvy users, but is easily enabled by people who know what they're doing/willing to accept the risks. Oh, hey, look! There it is! "Unknown Sources: Allow installation of non-market applications."

Good to know that the iphone has a similar setting, that was a good move on Apple's part. Oh, wait, it doesn't? You have to exploit security holes to enable sideloading? Huh. How about that.

Re:What's the purpose of this? (Score:5, Insightful)

by TheRaven64 ( 641858 ) writes: on Tuesday May 31, 2011 @01:33PM (#36299290) Journal

Not always. The best ones set up quite a low rate and don't make the malware call it more than once or twice. If someone gets a 50 charge on their telephone bill, then they are unlikely to query it. If they do, then the phone company will probably just give them a refund and eat the cost - they probably charge more than 50 for the call to their support line anyway. 50 doesn't sound like much, but if you get a couple of million infections then that's a huge amount of money. Ideally, they'll register a few hundred premium rate numbers and have the malware dial a random one.

Re:Linux doesn't appear to be immune to malware (Score:2, Insightful)

by Goose In Orbit ( 199293 ) writes: on Tuesday May 31, 2011 @01:49PM (#36299518)

Feeding time...
I take you you use a perfect OS then? Do tell us what it is...

Re:Well (Score:5, Insightful)

by cHiphead ( 17854 ) writes: on Tuesday May 31, 2011 @02:48PM (#36300172)

In my day, we called that "installing" a program. Sideloading? Really? What has the world come to? DRM-ified nonsense.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

'Fee-Deduction' Malware On Android Spotted In the Wild 169

'Fee-Deduction' Malware On Android Spotted In the Wild More Login

'Fee-Deduction' Malware On Android Spotted In the Wild

Um.. so which apps (Score:5, Insightful)

Re:Rather selfish (Score:5, Insightful)

Re:What's the purpose of this? (Score:5, Insightful)

Re:Linux doesn't appear to be immune to malware (Score:2, Insightful)

Re:Well (Score:5, Insightful)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot