Security alerts and advisories

Summary

This incident is reported to MCI-CERT while some subscribers got noticed that their mobile billing is beyond expectation. As billing detail has been showed there were some interaction (voice call) to unrelated countries.

Incident analysis has shown that a malware called "Mouabad" is the reason to cause this type of incident.

 

Affected Systems and Products

This malware installs on android operating system for all versions, below 3.1.

 

Impact

  • Unauthorized calls using subscriber SIM card
  • Privacy Violation
  • Data collection

 

Description

Mouabad is particularly sneaky and effective in its aim to avoid detection. It waits to make its calls until a period of time after the screen turns off and the lock screen activates. However, this malware variant does not appear to have the ability to modify call logs so a discerning victim could uncover Mouabad's dialing activity by checking their call histories.

 

Temporary Solution

Only install apps from trusted stores

Make sure the Android system setting ‘Unknown sources' is unchecked to prevent dropped or drive-by-download app installs

Download a mobile security app like Lookout's app that protects against malware as a first line of defense

Only install trusted antivirus on device

Be careful about choosing permissions that application required for installing

 

Solution

Install updated and trusted antivirus on devices that can detect this malware.