Android/VoiceChanger.A!tr.dial

description-logoAnalysis

Android/VoiceChanger.A!tr.dial is a trojan targetting Android mobile phones.
It tries to pass as an application able to change the user's voice in real-time during a call.
Instead it makes a call to a premium number in Romania.

Technical Details


Once installed, Android/VoiceChanger.A!tr.dial looks like an application able to change the user's voice in real-time during a call.

Figure 1. Icon in the application launcher menu.
When started, the application looks like this:

Figure 2. Icon in the application launcher menu.
The top input box is for the user to type in a number, or he can click on the Address Book icon on the left of the input box to select one of his contacts.
The user can then choose from 3 different voices (high, normal or low). Selecting any of the voices will play a small .wav file luring the user into thinking the application will really change his/her voice pitch.
Just below the green "Call" button is a hint in red indicating the service charge is 6 shekels (1,2 euros).
When the user tries to make the call, the application first checks whether the number is an Israeli number. If not,it will just display an error message.
If it is a correct Israeli number, it will display a message asking the user to wait 15 seconds, and call a premium number in Romania:
  • 01240[REMOVED]
  • 012: International prefix in Israel
  • 40: Romania country code
  • [REMOVED]: Premium number

Figure 3. The trojan making the call to the premium romanian number.

recommended-action-logoRecommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiGate
Extended
FortiClient
Extreme
FortiAPS
FortiAPU
FortiMail
Extreme
FortiSandbox
Extreme
FortiWeb
Extreme
Web Application Firewall
Extreme
FortiIsolator
Extreme
FortiDeceptor
Extreme
FortiEDR

Version Updates

Date Version Detail
2023-03-06 91.01181