Why Cybercriminals Want to Rack Up Your Phone Bill: The CallJam Malware


As smartphones get more sophisticated, it’s easy to forget their humble origins. Through today’s mobile apps, we can manage finances, order Ubers, and even do office work from the beach. But remember old-school flip-phones? They stood for one purpose – simply to make calls – and we all had them. Well, it turns out that basic function of dialing a number is as relevant as ever, especially for cybercriminals. In fact, they’ve recently hijacked as many as half a million Android phones just to make calls, using the CallJam malware.

CallJam is unique among existing malware – applications that let crooks manipulate devices’ behavior – because of its peculiar goal. After smartphones are infected, unlucky users will see their mobiles dial up mysterious numbers from around the globe.

Now, that seems strange at first, primarily because of motive. Why would criminals do this? They’re not interested in deep and meaningful conversations. A person isn’t even necessarily on the other end of the call, ruling out illicit persuasion as a motivator. Truth be told, the heart of the matter is likely telecommunications fraud.

In the past, criminals have used a tactic that involved leased premium phone numbers – the ones that charge an incredibly high price-per-minute – and profit-sharing. Essentially, perpetrators negotiate to receive a kickback from the number’s owner in exchange for directing calls to it. There’s a simple rationale that makes this lucrative. When costly calls are made, somebody has to pay for it. Large sums on the user’s balance sheet can translate into more money padding up villains’ coffers.

While nobody has officially verified this as the motive for CallJam, this type of fraud has been on our radar for a while. The difference this time is that the rogues are pulling off this trick by infecting mobile phones, rather than landlines.

The infection starts when a user unknowingly downloads a malicious app. Think about the last time you browsed Google Play, the official Android marketplace. There’s a plethora of apps to draw your interest! Although Google has stringent safeguards to ensure their safety, clever criminals may sneak malicious programs among them. That’s exactly what happened with CallJam. It was disguised within the “Gems Chest for Clash Royale” app. Uploaded in May, it has unfortunately been downloaded 100,000 to 500,000 times.

After installation, the malware starts doing damage. CallJam actually contains a number of technically sophisticated commands, including sending web browsers to ad-serving websites. However, for routing calls, there’s no wizardry involved at all. In fact, you may not believe how basic the trick is: the app simply asks users for permission to use the phone.

You see, when Android apps are installed, a pop-up window typically appears, asking for permission to access other device features. For example, messaging services may want to scan your contacts to let you chat with them, or ride-sharing services may need GPS to identify pick-up locations. Now, users can always deny these permissions. But in this case, many consumers must not have fully understood or read them. In the end, many people simply gave crooks permission to access their dial pad.

Now, Google has already removed CallJam from its marketplace and issued updates to combat this form of malware. That means it’s no longer easily downloadable. However, this incident still contains key lessons for anyone with a smartphone in their pocket. As convenient as installing apps can be, let’s not forget the dangers they can pose in the form of malicious code. And when it comes to villains trying to pull their scams, let’s not overlook our phones’ core function: making calls.

Use these three tips to keep your smartphone safe:

  • Read app permissions carefully. Does a game really need access to your call history? Why does a weather widget want to access your camera? Take the time to read all the access that applications ask you to grant, and make sure to turn down any suspicious or unnecessary requests.
  • Research before installing apps. If you read CallJam’s reviews, you’d see a few red flags. Many users complained about their mobiles forced to repeatedly make long-distance calls. So take the time to thoroughly check out reviews and comments, and don’t rely solely on an application’s rating.
  • Don’t return missed calls from unknown numbers. In another version of phone call fraud, rogues will first ring up victims’ phones, then await a return dial. These numbers can even be made to appear as local area codes! So don’t chase down unknown numbers. True friends will ring you up again later.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee on Twitter, and ‘Like’ us on Facebook.


Introducing McAfee+

Identity theft protection and privacy for your digital life

FacebookLinkedInTwitterEmailCopy Link

Stay Updated

Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.


More from Mobile Security

Back to top