The Check Point security has uncovered a new Android malware titled CallJam that is hosted on the Google Play Store.
The CallJam Malware Has Been Removed from Google Play
The CallJam malware is used to generate counterfeit phone calls by its included dialer program. Its other feature is used to display advertisments on the victim devices. The security engineers have found it hiding in a game titled Gems Chest for Clash Royale. The game has been downloaded between 100 000 and 500 000 times since May 2016.
CallJam works by redirecting victims to malicious sites that generate revenue based on clicks. The application also displays ads that are tied to paid networks. The next feature that the malware exploits is premium call dialing. Before those are carried out the requests the needed permissions from the user. Most users grant these privileges without reading thus allowing the app to dial at will. The remote C&C server sends CallJam infected devices a command that includes targeted premium phone numbers and the desired length of the call. The parameters are initiated by the devices and the revenue is paid out to the attackers.
The application hijacks the user device and as such grants itself a high rating on the Google Play store. A number of users have reported that CallJam has made international premium calls as well.
The Check Point staff has notified Google about the threat. The application was removed by the Google Play team.