Mobile Game Trojan Calls the South Pole

UgLyPuNk writes with an excerpt from Gamepron.com: "Freeware games can actually cost you more money than their pay-to-play cousins, as mobile gamers in the UK have learned. A 'booby-trapped' version of a popular Windows Mobile game has been sneakily spending their money while they sleep – by dialing phone numbers in the Antarctic behind their backs."

Re:One really has to wonder...

[Lumbre]

...how they even *found* numbers in the Antarctic. It's not like you can set up a phone line down there, and I can't imagine many people would have occasion to call the Antarctic.

I don't see how you can't imagine phones in Antarctica. It's not like there aren't dozens are hundreds of researchers down there. It doesn't have to be a physical wired connection. It could be a phone connecting to a satellite. As another example of advanced technology in Antarctica, you can find an ATM down there. It's pretty much a normal ATM which they service every couple years. Think abstractly my fellow /.er

What to the hackers gain?

[Michael+Woodhams]

I saw this on the BBC website too, but neither article tells me how it is to the advantage of the hackers to give random people big telephone bills. Do the hackers own some little phone company which the calls are going through? Do they have some overpriced premium number connecting to a computer in Scott Base which recites astrology readings in a synthetic voice?

More seriously: why should the phone OS allow a game to initiate phone calls? (I really hope the answer is 'the OS has a bug' rather than 'that's how they designed it.')

To install or not install

[krischik]

One of the problems with mobile apps is the "allow and install" vs "deny and not install". You read the list of privileged operations and you are left with a tough decision and no middle ground - which would be "deny and still install". If I read the list of requested privileged applications I often get a shiver.

Re:One really has to wonder...

[stonertom]

Wholesale phone minutes is a sleazy business. If you have a good route to an obscure country making loads of calls to it would probably pay off.

Re:Profiting is the easy part

[DNS-and-BIND]

Funny, back when I used to work in toll fraud at one of the Big Three, we regularly had overseas calls in the $3-4 range per minute. A popular destination was Vanuatu along with some other Pacific islands, easily the most expensive of them all. I never really understood porn over voice. Any time I saw the country codes for Pacific islands, I blocked them immediately. Another popular destination for toll fraud was 809, which was part of NANPA but still counted as overseas (Caribbean islands) and thus ran up big charges quickly. The most expensive fee per minute I ever saw was a puzzling destination of INMARSAT. What kind of country is that, I thought to myself as I dialed the number to check what it was. Seaman Mumble picked up the call, it was the bridge of a Navy destroyer! INMARSAT was/is a satellite communications provider for ships at sea. $5.50 per minute, the highest I ever saw.

The point of this rambling post is that toll fraud seems much cheaper these days. Fifty cents a minute to Antarctica seems like nothing compared to rates back in the day.

Re:Android permissions

[mlts]

Android's permissions are either all or nothing when it comes to Internet access. And some apps just ask for that permission for no real reason.

Best way to deal with that is to have a rooted phone and Droidwall. However, this won't protect against an app that was installed that was given capabilities of dialing and sending/receiving SMS/MMS items.

Another item to have is an app called autostarts. You would be surprised on what apps want to hook where.