The CallJam Android Malware Can Rack up a Huge Phone Bill

CallJam Android Malware Sneaks Its Way Into The Google Play Store

Last year Google said that there are more than 1.4 billion active Android devices out there. As you might imagine, one of the biggest technology companies in the world wouldn't be too happy to see a significant number of those phones and tablets get infected with malware. That's why putting a mobile application on Google Play is not as simple as uploading the APK file and waiting for the download figure to grow. There are strict security measures in place, but occasionally, threat actors manage to find their way around them. The most recent threat was detected last week by Check Point, a security company. Dubbed CallJam, the malware came in the form of an application called Gems Chest for Clash Royale.

The app appeared on the Google Play Store in May, and in a matter of about four months, it managed to rack up between 100,000 and 500,000 downloads. As soon as Check Point alerted Google about the malware, Gems Chest for Clash Royale was taken down. And with good reason.

The whole operation was incredibly cunning. Gems Chest for Clash Royale promoted itself as a free guide full of useful information for people playing the popular Clash Royale mobile game. It asked users to rate it before they even got to check it out and promised that in exchange for the rating, they would receive additional game currency. That's how Gems Chest for Clash Royale convinced about 4,700 users to give it an average rating of just over four stars. The reviews also suggest that the app asked for some sort of human confirmation, though information on this particular aspect is scarce.

Some users noted that the guides were hard to read, which shouldn't really be a surprise because Gems Chest for Clash Royale's aim wasn't to give people useful gaming advice. Its goal was to generate revenue for the scam artists that developed it. It did that in two ways.

First, it would redirect victims to potentially harmful websites that display fraudulent ads. Unlike other adware applications, it would use the browser instead of the app to show the ads. Ruining your browsing experience was just one of CallJam's traits.

The malware was also designed to call premium numbers, thus generating revenue for the threat actors. Of course, before it could make calls, the app needed permission to do so, and it kindly asked for it. Because it was downloaded from the Google Play Store and because generally speaking, users are a bit careless when it comes to reading the permissions needed for apps to run, many people allowed Gems Chest for Clash Royale to make calls.

Then, the malicious app would connect to its Command & Control server and would receive the premium number and the call length. The results were visible in the massive phone bill some people received at the end of the month.

Taking down the Gems Chest for Clash Royale app means that CallJam is gone for now. That said, it might appear in another form in the future. What's more, it's far from the only Android threat, which goes to show that being careful with the apps you install on your phone is essential.