I have been working on Android malware architectures for the last two years and have created hundreds of samples of the most sophisticated malware for demo purposes.
Until now, the majority of Android malware apps we have seen earn money for their creators by sending SMS messages to premium-rate numbers from infected devices.
Security researchers at Lookout have identified an interesting monetized Android malware family labeled 'Mouabad', which allows a remote attacker to make phone calls to premium-rate numbers without user interaction by sending commands to the malware from C&C servers.
The technique is not new, but this is the first time an infection by such an app has been reported in the wild. The variant, dubbed Mouabad.p, is particularly sneaky: to avoid detection, it waits to make its calls until a period of time after the screen turns off and the lock screen activates.
"Mouabad.p also ends the calls it makes as soon as a user interacts with their device (e.g. unlocks it). However, this malware variant does not appear to have the ability to modify call logs so a discerning victim could uncover Mouabad.p’s dialing activity by checking their call histories."
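The behaviour described above (calls placed only after the screen is off and locked, ended on user interaction, and still visible in the call history) suggests a simple check; the following is an added example, not code from Lookout or from the original article. It assumes exported call-history records and screen off/unlock timestamps in the constructed formats shown, and all names and sample values are hypothetical.

```python
from bisect import bisect_right
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
# Constructed sample data, not taken from the Lookout report.
SCREEN_EVENTS = [("2013-12-10 22:58:00", "unlock"), ("2013-12-10 23:05:00", "off"),
                 ("2013-12-11 07:30:12", "unlock"), ("2013-12-11 07:45:00", "off")]
CALL_LOG = [  # (start, duration in seconds, direction, number)
    ("2013-12-10 23:01:10", 95, "out", "555-0101"),   # dialed while in use
    ("2013-12-11 02:14:00", 600, "out", "555-0199"),  # device locked throughout
    ("2013-12-11 07:26:40", 212, "out", "555-0199"),  # ends at the unlock
    ("2013-12-11 07:50:00", 40, "in", "555-0102"),    # incoming, ignored
]

def _ts(text):
    return datetime.strptime(text, FMT)

def state_at(events, when):
    """Return (state, since) for the last screen event at or before `when`."""
    i = bisect_right([t for t, _ in events], when) - 1
    if i < 0:
        return None, None
    since, state = events[i]
    return state, since

def suspicious_calls(call_log, screen_events, slack=timedelta(seconds=5)):
    """Flag outgoing calls that started while the screen was off."""
    events = sorted((_ts(t), s) for t, s in screen_events)
    hits = []
    for start_text, duration, direction, number in call_log:
        if direction != "out":
            continue
        start = _ts(start_text)
        end = start + timedelta(seconds=duration)
        state, since = state_at(events, start)
        if state != "off":
            continue  # user was at the device, or screen state is unknown
        unlock = next((t for t, s in events if s == "unlock" and t >= start), None)
        hits.append({
            "number": number,
            "start": start_text,
            "idle_before_s": int((start - since).total_seconds()),
            # Call torn down within `slack` of the user unlocking the device.
            "ended_at_unlock": unlock is not None and abs(end - unlock) <= slack,
        })
    return hits

if __name__ == "__main__":
    for hit in suspicious_calls(CALL_LOG, SCREEN_EVENTS):
        print(hit)
```

Calls started from a Bluetooth headset or by voice dialing can also begin with the screen off, so a hit is a lead to review against the number dialed, not proof of infection.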
The risk of infection is low, because the malware app works only on devices running Android version 3.1 or older and is designed mainly to target Chinese-speaking users.
"Mouabad.p and other trojans that can financially harm users and effectively hide themselves underscore the need for sophisticated mobile malware protection."
A loophole in the Android architecture contributes to the growth of Android malware. It basically can't tell the difference between a legitimate app that requests permission to read your contacts or SMS (e.g. True Caller), a malicious application (e.g. a trojan), and a state-sponsored application (e.g. WeChat). Nor does the Android architecture allow users to revoke the permissions they don't want to give to an application.