Android dialler hides, resists attempts to remove it

A malicious dialler disguised as an application for adults could become a big problem for Android users, as the malware systematically removes traces of itself from the phone and makes deinstallation impossible through normal means, Dr. Web researchers warn.

Once installed, the malware places its shortcut – without an icon or any captions – on the device’s home screen, which can make users believe that the installation has failed.

“In some cases after its launch, Android.Dialer.7.origin can display an error message about the unavailability of the requested service, after which it hides its tracks in the infected system by deleting the shortcut, and operates in the guise of a system service,” they explained.

“The service can be launched using the shortcut, but alternately the dialler can activate it automatically after a system restart, so it doesn’t require user intervention to start its malicious activities.”

The malware places calls to an adult service number at regular intervals. In order for the action to pass unnoticed, it disables the earpiece of the mobile device during the phone calls, and later removes evidence of the calls from the call log and system log.

This particular variant is configured to call a fixed phone number, but the crooks can easily change it by issuing a simple command.

Even if the victims finally discover the malware on their device, they will have a tough time removing it: it will continually return them to the home screen whenever they try to access the system settings section from which apps can usually be deinstalled.

The company’s mobile AV solution solves that particular problem, and likely others do (or will soon).

The researchers didn’t mention where the malicious app is offered for download – it’s possible they don’t know as they usually get samples from public online services such as VirusTotal – but as always, users are urged to be careful when evaluating apps they want to install on their devices.
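
For analysts evaluating a suspect app, the behaviours described above (silent calls, call-log clean-up, shortcut removal, start after reboot) would normally show up as a specific combination in the app manifest. The following triage script is an added example, not code from Dr. Web or from the sample; it assumes a manifest already decoded to plain XML, and the behaviour-to-permission mapping, package name and component names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"

# Behaviour reported in the article -> permission an app normally needs for it.
# This mapping is an assumption of the example, not part of the Dr. Web analysis.
BEHAVIOUR_PERMISSION = {
    "places calls without user action": "android.permission.CALL_PHONE",
    "edits the call log": "android.permission.WRITE_CALL_LOG",
    "starts after reboot": "android.permission.RECEIVE_BOOT_COMPLETED",
    "creates a home-screen shortcut": "com.android.launcher.permission.INSTALL_SHORTCUT",
    "deletes a home-screen shortcut": "com.android.launcher.permission.UNINSTALL_SHORTCUT",
}

# Constructed sample manifest (decoded XML form); every name is a placeholder.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.WRITE_CALL_LOG"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="com.android.launcher.permission.INSTALL_SHORTCUT"/>
  <uses-permission android:name="com.android.launcher.permission.UNINSTALL_SHORTCUT"/>
  <application>
    <service android:name=".SyncService"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

def triage_manifest(manifest_xml):
    """Return the article behaviours a manifest could support, plus boot receivers."""
    root = ET.fromstring(manifest_xml)
    requested = {p.get(NS + "name") for p in root.iter("uses-permission")}
    behaviours = [b for b, perm in BEHAVIOUR_PERMISSION.items() if perm in requested]
    boot_receivers = sorted({
        r.get(NS + "name")
        for r in root.iter("receiver")
        for a in r.iter("action")
        if a.get(NS + "name") == "android.intent.action.BOOT_COMPLETED"
    })
    # Flag only the combination: direct calls + call-log edits + boot persistence.
    needed = {"android.permission.CALL_PHONE", "android.permission.WRITE_CALL_LOG"}
    flagged = needed <= requested and bool(boot_receivers)
    return {"behaviours": behaviours, "boot_receivers": boot_receivers, "flagged": flagged}
```

A flag from this check is a reason to look closer, not a verdict: legitimate dialler and call-management apps can request the same permissions.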
