CallJam targets Android OS and masquerades as a game app available in the Google Play Store. CallJam generates revenue for the attacker by making fraudulent phone calls to premium phone numbers and redirecting victims to malicious websites. This app does require the victim to grant permissions prior to conducting its malicious activity. After the victim grants permission, it first requires him or her to give the game a rating in the Google Play Store, luring the victim with the promise of additional game currency. CallJam then establishes contact with its C2 server receiving instructions to call a specific premium phone number for a set amount of time. It then places the call, generating revenue at the expense of the victim.


  • September 2016: Check Point Software Technologies Ltd. discovered CallJam bundled into the game “Gems Chests for Clash Royale” in the Google Play Store which has been downloaded between 100,000 and 500,000 times. (Check Point)

One example of the CallJam variant. Image Source: Check Point

Android MalwareNJCCICCallJam