Recently, we discovered a new malicious Android application called Android.MouaBot. This malicious software is a bot contained within another basic app; in this case, a Chinese calculator application. Behind the scenes, it automatically sends an SMS message to an auto-reply number, which replies to the phone with a set of commands/keywords. The reply is then parsed and the various plugins within the malicious packages are run or enabled.
To find out how to contact the auto-reply numbers, the app relies on two files contained within it. These files list a few URLs, each of which, when visited, displays a single line referring the app to another IP address. These IPs are then used to send configuration information down to the app.
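A static-triage sketch for the bootstrap mechanism described above, added here as an example and not taken from the sample or the original analysis. It scans an APK (a ZIP archive) for small text files in which every non-blank line is a URL, which is how embedded URL lists of this kind would show up. The file names, URLs and size threshold are constructed assumptions.

```python
import io
import re
import zipfile

# One URL per line: scheme, host, optional path.
URL_RE = re.compile(r"^https?://[^\s/]+(?:/\S*)?$", re.IGNORECASE)
MAX_SIZE = 4096  # assumption: bootstrap lists are small, so skip large resources


def find_url_list_files(apk_bytes, min_urls=2):
    """Return {member name: [urls]} for small text files made up only of URLs."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir() or info.file_size == 0 or info.file_size > MAX_SIZE:
                continue
            try:
                text = apk.read(info).decode("utf-8")
            except UnicodeDecodeError:
                continue  # binary resource (dex, images, compiled XML)
            lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
            if len(lines) >= min_urls and all(URL_RE.match(ln) for ln in lines):
                hits[info.filename] = lines
    return hits


def build_sample_apk():
    """Constructed sample archive; every name and URL here is made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00" + bytes(range(256)))
        z.writestr("assets/list_a.txt", "http://a.example/x\nhttp://b.example/y\n")
        z.writestr("assets/list_b.txt", "http://c.example/\r\nhttp://d.example/z\r\n")
        z.writestr("assets/help.txt", "Usage notes\nSee http://docs.example/ for help\n")
        z.writestr("res/raw/one.txt", "http://only.example/\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, urls in sorted(find_url_list_files(build_sample_apk()).items()):
        print(name, urls)
```

Files flagged this way are only candidates for review: legitimate apps also ship URL lists, so pair the result with other signals such as SMS permissions requested by an app that has no visible need for them.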