Security alerts and advisories

This incident is reported to MCI-CERT while some subscribers got noticed that their mobile billing is beyond expectation. As billing detail has been showed there were some interaction (voice call) to unrelated countries.

Incident analysis has shown that a malware called "Mouabad" is the reason to cause this type of incident.

Affected Systems and Products

This malware installs on android operating system for all versions, below 3.1.

  • Unauthorized calls using subscriber SIM card
  • Privacy Violation
  • Data collection

Mouabad is particularly sneaky and effective in its aim to avoid detection. It waits to make its calls until a period of time after the screen turns off and the lock screen activates. However, this malware variant does not appear to have the ability to modify call logs so a discerning victim could uncover Mouabad's dialing activity by checking their call histories.

Temporary Solution
  • Only install apps from trusted stores
  • Make sure the Android system setting ‘Unknown sources' is unchecked to prevent dropped or drive-by-download app installs
  • Download a mobile security app like Lookout's app that protects against malware as a first line of defense
  • Only install trusted antivirus on device
  • Be careful about choosing permissions that application required for installing
  • Install updated and trusted antivirus on devices that can detect this malware.