Android malware can make calls even after switching your phone off

A recent warning has come out from AVG has come out that some 3rd party App stores have Apps which bring in a Android Trojan which pretends to shut off your phone when you press the power button.

 The Hacker News has a nice article about it Android Malware Can Spy On You Even When Your Mobile Is Off  or you can read the original AVG post Malware Is Still Spying On You Even When Your Mobile Is Off
As the AVG blog explains:

The malware affects versions of Android older than v.5 (Lollipop) and requires root permission to hijack the shut down process.
After pressing the power button, the phone displays an authentic shutdown animation, and the phone appears off. Although the screen is black, it is still on.
While the phone is in this state, the malware can make outgoing calls, take pictures and perform many other tasks without notifying you.

But beyond the obvious problems with a malware spying on you, recording you, and sending your data to Chinese servers, it can be making Premium Rate SMS or calls without your knowing it.

The Hacker news article points this out:

PowerOffHijack malware has ability to silently send lots of premium-rate text messages, make calls to expensive overseas numbers, take photos and perform many other tasks even if the phone is supposedly switched off.

The article also has good options for removing PowerOffHijack and preventing it from getting on your phone

Replacing Flappybird with Premium Number Fruad

Much to the dismay of millions of players, the creator of the Flappybird mobile game took it down from Google Play and Apple iTunes app stores.

Now there has been many speculations as to why someone would take down a game that was earning him $50,000 a day in advertising revenue. The various reasons have been stated as:

• Too Stressful
• Threatened legal action by Nintendo (which they deny)
• It was too addictive

But regardless of what the real reason is people have come in to fill your Flappybird addiction with replacements or by selling phones with it installed on e-bay (which you can not do anymore).

But you should be wary of FlappyBird replacements -According to a report by Trend Microsystems

All of the fake versions we’ve seen so far are Premium Service Abusers — apps that send messages to premium numbers, thus causing unwanted charges to victims’ phone billing statements.

As the TrendMicro article advises:

We advise Android users (especially those who are keen to download the now “extinct” Flappy Bird app) to be careful when installing apps. Cybercriminals are constantly cashing in on popular games (like Candy Crush, Angry Birds Space, Temple Run 2; Bad Piggies) to unleash mobile threats. Our past entry, Checking the Legitimacy of Android Apps, enumerates some tips on how to do avoid suspicious or malicious apps. Users may also opt to install a security app (such as Trend Micro Mobile Security) to be able to check apps even before installation.         

Always remember in cases like this TANSTAAFL so be careful there are those who are out there to take advantage of you.

Nice article on effects of Toll Fraud

Thanks to Mark Collier's VoIP Security Blog I point you to this article that  Toll fraud can put SMEs out of business in minutes.

Unfortunately the premise and conclusions are correct. If you think of the example from the 2011 Astricon where a company was hit for $400,000 in fraud over 2 days then it is easy to see how this kind of hit could cost a small business everything in almost no time.

Real time monitory and proper security checks are needed to help prevent this kind of fraud. I will keep posting details on how you can protect your company, or you can contact me directly for more information about real-time monitoring or VoIP Security Audits.

Term Tuesdays - PBX Hacking

In light of the news last week about the hacking of AT&T user's PBXs to fund Al Qaeda I bring you PBX Hacking.

PBX Hacking

Hacking the PBX to gain unauthorized access, exploiting voicemail security, or trying default or common passwords are a few of many techniques. Fraudsters may also directly contact employees, and using “social engineering” will be able to ascertain useful information that can be used to gain access to systems.

Hacking the PBX to gain access privileges, much like hacking a computer network. This attack type may include denial of service (DoS) attacks, brute force attacks, etc.

Hacking the PBX to gain access to internal computer systems via the link intended for connecting the PBX to the CRM system. This can allow the hacker to access customer data (including credit card information), insert viruses into your system, or otherwise disrupt business by bypassing the firewall.

In the Al Qaeda case they were calling Premium Numbers to charge calls to the enterprise PBXs that were then split with the hacker's and paid to Al Qaeda.

Term Tuesdays - Premium Rate Fraud

Premium Rate Fraud

By tricking a person to call a telephone number that charges more than expected, a fraudster is able to get some sort of revenue from each call.

These attacks come in various forms, but they all have 2 parts:

1.      They have acquired a Premium Rate number that enables them to “revenue share” with the terminating operator.

2.      They trick people into calling the number or use a hacked PBX to dial it themselves.

Part one is easy, they can get numbers from most phone companies who offer them to legitimate businesses. These can include pay per call customer support services, sex lines, satellite lines, etc. In the USA these are usually associated with 1-900 numbers. But with the explosion of mobile virtual network operators (MVNO) it is easy for what looks like a regular number to actually charge more for the termination of the phone call than is expected (more on this when I cover arbitrage fraud).