Android malware racks up phone and SMS fees

Security threat from autodialing BaseBridge malware underscores the need for organizations to devise policies for securing users' mobile devices

If you or members of your company's mobile workforce have been racking up unusually high SMS and phone charges on their Android smartphones, a newly discovered malware called BaseBridge could be the culprit.

Mobile security company NetQin warns that the malware has been found thus far in more than 20 Android applications -- with titles such as Voice SMS, Trader, and Donkey Jump -- that are circulating on various Internet forums. The malware is capable of surreptitiously autodialing phone numbers and sending SMSes, thus racking up fees for users.

According to NetQin, this auto-dialing malware is the first of its kind spotted in the wild on Android devices, though similar software has previously been spotted on Symbian devices. BaseBridge should serve to nudge companies that have been dragging their feet in developing security policies for mobile devices and educating end-users on using their devices securely.

When will users learn?
As is often the case when it comes to IT security breaches, end-users are the weak links here. First, a user has to blithely download one of the infected apps from some forum, which is about as sensible as eating a cupcake handed to you by a masked stranger in a dark alley. Next, the end-user has to consent to the malware's prompt to upgrade. This enables the malware to be installed under the software named From there, the user receives another prompt, this time to restart the app. Doing so formally activates the malware.

Activation launches three malicious services -- AdSmsService, BridgeProvider, and PhoneService -- that communicate with a control server. The server sends the infected device a configuration list containing numbers to dial and SMS messages to send, incurring fees for the user.

BaseBridge is capable of hiding its activities by blocking fee-consumption messages sent to the device from the user's mobile carrier. Moreover, if the malware is installed on a device running the 360 Safeguard mobile security software, it generates a false message stating that the software has been terminated due to an error when, in fact, it's running properly.

Stay ahead of mobile malware
BaseBridge isn't the only malware tailored for mobile devices to be found in the wild; last March, DroidDream infected 50-plus Android Marketplace apps. Security experts expect more mobile malware to come -- and history would suggest the same.

NetQin did offer some common-sense tips to help users avoid getting bitten by mobile malware. They include:

  1. Only download applications from trusted sources, taking time to check reviews, ratings, and developer information.
  2. Scan downloaded apps with security software to detect malware.
  3. Do not blindly accept software's prompting for upgrades or updates.
  4. Keep an eye open for unusual mobile phone behavior, such as unexpected phone charges.

Those tips could be applied to an organizations' formal mobile security policies. For example, end-users could be prevented from downloading unapproved apps and could have mobile security software enabled on their phones before they're permitted to start using their devices for work purposes.

This article, "Android malware racks up phone and SMS fees," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow on Twitter.

Copyright © 2011 IDG Communications, Inc.