Windows mobile Trojan poses as war game
Shoot 'em up racks up premium rate calls
Miscreants have created a Trojaned version of a Windows mobile game that makes expensive international phone calls from compromised smartphones.
Pirated versions of 3D Anti-terrorist action, a first-person shooter developed by Beijing Huike Technology in China, and uploaded onto several Windows Mobile freeware download sites, come with a nasty add-on courtesy of Russian virus writers. Compromised phones start attempting to silently make expensive international calls without user involvement, as reported in a thread on the XDA-Developers' forum, featuring the experience of a UK victim of the Trojan.
Analysis of the malware by Finnish security firm F-Secure reveals that the malicious code initiates several phone calls to international premium-rate numbers. Presumably VXers receive a percentage of the resulting revenue.
In any case, F-Secure Mobile Security has been updated to detect and block Trojanized versions of this game. Other anti-virus firms can be expected to follow, though the best defence is not to download copies of the game in the first place, of course.
A full write-up of the threat, complete with screenshots, can be found in an informative blog posting by Mikko Hypponen, chief research officer at F-Secure, here.
Using illicit copies of mobile games to trick users into downloading malware has happened before, albeit infrequently, and is far from restricted to Windows mobile devices. F-Secure compares the latest Trojan mobile game to a game called Mosquitos from six years back that bit users of Symbian smartphones by sending premium-rate SMS messages. ®
i do recall a article on the register a few weeks back about a exploit on the apple twatphone....
be it a jailbroken one... coz users are fed up of the handcufs
Make the telephone service provider confirm verbally that person calling premium rate number is
1. the contract owner
2. of age
They already do this for UK premium rate lines, if the telephone owner cannot be confirmed to be making the call and is aged appropriately then it is not chargable.
remove this profitable loophole for the thieves and the problem goes elsewhere
Perhaps this technique could be used...
...to make FACT self-financing?
I have to wonder..
..why someone hasn't done this for the iphone already. So many apps being made for the app store, I don't think whatever review service Apple have is going to cope with a determined effort to get malware in there.
Yeah, it'll get caught/blocked eventually. After how many premium rate calls/texts?