If you or members of your company's mobile workforce have been racking up unusually high SMS and phone charges on their Android smartphones, a newly discovered malware called BaseBridge could be the culprit.
Mobile security company NetQin warns that the malware has been found thus far in more than 20 Android applications -- with titles such as Voice SMS, Trader, and Donkey Jump -- that are circulating on various Internet forums. The malware is capable of surreptitiously autodialing phone numbers and sending SMSes, thus racking up fees for users.
According to NetQin, this autodialing malware is the first of its kind seen in the wild on Android devices, though similar software has previously been spotted on Symbian devices. BaseBridge should serve to nudge companies that have been dragging their feet in developing security policies for mobile devices and educating end-users on using their devices securely.
When will users learn?
As is often the case when it comes to IT security breaches, end-users are the weak links here. First, a user has to blithely download one of the infected apps from some forum, which is about as sensible as eating a cupcake handed to you by a masked stranger in a dark alley. Next, the end-user has to consent to the malware's prompt to upgrade. This enables the malware to be installed under the software named com.android.battery. From there, the user receives another prompt, this time to restart the app. Doing so formally activates the malware.
Activation launches three malicious services -- AdSmsService, BridgeProvider, and PhoneService -- that communicate with a control server. The server sends the infected device a configuration list containing numbers to dial and SMS messages to send, incurring fees for the user.
BaseBridge is capable of hiding its activities by blocking fee-consumption messages sent to the device from the user's mobile carrier. Moreover, if the malware is installed on a device running the 360 Safeguard mobile security software, it generates a false message stating that the software has been terminated due to an error when, in fact, it's running properly.
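For teams vetting apps before they reach employee devices, the indicators named above can be checked against a decoded AndroidManifest.xml. The following is an added example, not NetQin's tooling or code from the article; it assumes com.android.battery is the manifest package name, and the permission list, the two-service threshold and the sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Indicators named in the article.
BASEBRIDGE_PACKAGE = "com.android.battery"
BASEBRIDGE_SERVICES = {"AdSmsService", "BridgeProvider", "PhoneService"}
# Assumption: standard Android permissions matching the described behaviour
# (sending SMS, intercepting carrier SMS, dialing numbers).
RISKY_PERMISSIONS = {"android.permission.SEND_SMS",
                     "android.permission.RECEIVE_SMS",
                     "android.permission.CALL_PHONE"}

def audit_manifest(manifest_xml):
    """Return which BaseBridge indicators appear in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    # Compare on the class name only, so ".PhoneService" and
    # "com.example.PhoneService" both match.
    services = {s.get(ANDROID_NS + "name", "").rsplit(".", 1)[-1]
                for s in root.iter("service")}
    permissions = {p.get(ANDROID_NS + "name", "")
                   for p in root.iter("uses-permission")}
    return {
        "package_match": root.get("package", "") == BASEBRIDGE_PACKAGE,
        "service_matches": sorted(services & BASEBRIDGE_SERVICES),
        "risky_permissions": sorted(permissions & RISKY_PERMISSIONS),
    }

def is_suspect(finding):
    # Heuristic (assumption): the package name alone, or two or more of the
    # three service names, is enough to send the app for manual review.
    return finding["package_match"] or len(finding["service_matches"]) >= 2

_NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
# Constructed sample manifests, not taken from real samples.
SUSPECT_MANIFEST = f"""<manifest {_NS} package="com.android.battery">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application>
    <service android:name=".AdSmsService"/>
    <service android:name=".PhoneService"/>
  </application>
</manifest>"""
BENIGN_MANIFEST = f"""<manifest {_NS} package="org.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><service android:name=".SyncService"/></application>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("suspect", SUSPECT_MANIFEST), ("benign", BENIGN_MANIFEST)):
        finding = audit_manifest(xml)
        print(name, is_suspect(finding), finding)
```

Name matches alone are easy for a repackaged variant to change, so treat a hit as a reason for manual review and a miss as no assurance.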