Scammers are distributing apps for Windows Mobile-based smartphones with malware hidden inside that makes calls to premium-rate numbers across the globe, racking up expensive bills without the phone owner's knowledge, a mobile security firm said on Friday.
The apps--3D Anti-Terrorist game, PDA Poker Art, and Codec pack for Windows Mobile 1.0--are being distributed on as many as nine popular download Web sites, including DoDownload, GearDownload, and Software112, according to John Hering, chief executive and founder of mobile security provider Lookout.
Someone has copied the programs and repackaged them with the malware inside, he said. Once the app is installed, the virus wakes up and starts dialing premium-rate numbers in places such as Somalia and the South Pole, Hering said. He added that victims may not know about the problem until they get their phone bill and see that it's $50 or $100 higher than it should be.
Auto-dialer scams are common in Russia and other countries but are still relatively rare in the United States. But that will change. Six months ago, Lookout saw four pieces of malware per 100 phones. Now, that figure has more than doubled to nine pieces of malware for every 100 phones, Hering said.
Hering said Microsoft had been contacted about the issue, but that the problem is not due to any vulnerability in the Windows Mobile software and therefore can't simply be patched.
"Users need to be aware of what they are downloading and make sure it is a reputable source and from a reputable developer," he said. Lookout is one of a growing number of companies that offer software and services to help protect mobile devices from malware and other threats.
Microsoft is aware of the issue and is currently investigating it, said Jerry Bryant, group manager for Response Communications at Microsoft.
"As always, Microsoft continues to encourage customers to follow all of the steps of the 'Protect Your Computer' guidance of enabling a firewall, applying all software updates and installing antivirus and antispyware software," he said. "While Microsoft does not have a mobile AV product we do detect and protect in certain scenarios. The general protect guidance also applies to mobile phone users: http://www.microsoft.com/protect/."
The hidden auto-dialing malware incidents are noteworthy because they signal a shift from attackers seeking mere notoriety to profit-motivated fraud, Hering said.
"What took 15 years for malware to evolve on the desktop is accelerated on the mobile platform," he said. "We're seeing it move from early proof-of-concept (malware) to things that are driving profit."
Updated 4:35 p.m. PDT with Microsoft comment.