Mobile Virus

Dial/SmsReg!Android

Analysis

Dial/SmsReg!Android is an application for mobile phones running Android which silently registers the victim to non-free services.
It usually comes as a sexy or dating application, and silently sends SMS messages to particular short numbers that subscribe the victim to the corresponding service. The subscription is not free. Its costs depends on the victim's country and the service he/she subscribes to. For instance, it can go up to 10 dollars per month.

Figure 1. Dial/SmsReg!Android main screen
The application does explain in its User Agreement form that the end-user is subscribing to a non-free service. However, there are chances end-users might be abused because it is not easy to see the application sends (costly) SMS messages (User agreement not obvious, have to search for it + no strong warning when sending the SMS messages).

Figure 2. User Agreement exists, but difficult to find in the user interface
Dial/SmsReg!Android exists in multiple versions, customized for various countries.
.

Recommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.