Android/VoiceChanger.A!tr.dial
Analysis
Android/VoiceChanger.A!tr.dial is a trojan targetting
Android mobile phones.
It tries to pass as an application able to change the user's
voice in real-time during a call.
Instead it makes a call to a premium number in Romania.
Technical Details
Once installed, Android/VoiceChanger.A!tr.dial looks like an application able to change the user's voice in real-time during a call.
Figure 1. Icon in the application launcher menu.
When started, the application looks like this:
Figure 2. Icon in the application launcher menu.
The top input box is for the user to type in a number, or he can click on the Address Book icon on the left of the input box to select one of his contacts.
The user can then choose from 3 different voices (high, normal or low). Selecting any of the voices will play a small .wav file luring the user into thinking the application will really change his/her voice pitch.
Just below the green "Call" button is a hint in red indicating the service charge is 6 shekels (1,2 euros).
When the user tries to make the call, the application first checks whether the number is an Israeli number. If not,it will just display an error message.
If it is a correct Israeli number, it will display a message asking the user to wait 15 seconds, and call a premium number in Romania:
- 01240[REMOVED]
- 012: International prefix in Israel
- 40: Romania country code
- [REMOVED]: Premium number
Figure 3. The trojan making the call to the premium romanian number.
Recommended Action
- FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
FortiGate | |
---|---|
Extended | |
FortiClient | |
Extreme | |
FortiAPS | |
FortiAPU | |
FortiMail | |
Extreme | |
FortiSandbox | |
Extreme | |
FortiWeb | |
Extreme | |
Web Application Firewall | |
Extreme | |
FortiIsolator | |
Extreme | |
FortiDeceptor | |
Extreme | |
FortiEDR |
Version Updates
Date | Version | Detail |
---|---|---|
2023-03-06 | 91.01181 |