Microsoft issues warning over Android toll fraud malware

Learn everything about a new type of toll fraud malware that can affect your Android device and see how you can protect yourself from it.


Learn how to keep the malware off of your device.

toll fraud malware
Beware of toll fraud malwares. Source: Adobe Stock.

According to a new blog post from Microsoft Security, Android users are now being attacked by a toll fraud malware that purchases premium subscription services without their knowledge. In a recent report, two senior researchers from Microsoft – Sang Shin Jung and Dimitrios Valsamaras – explained how this malware evolution attacks Android devices unwittingly.

According to their analysis, a toll fraud malware falls under billing fraud and can cause thousands of dollars in damage to the user. It infects the device through malicious apps and ends up subscribing the owner of said device to paid, premium services without their consent. They say it’s one of the most common types of malwares for Android mobiles. 

These toll fraud malwares work over WAP (Wireless Application Protocol). WAP networks allow users to subscribe to content without asking for a credit card. Instead, it will add the charge to their phone bill. This type of attack relies heavily on mobile networks in order to function. So, the malware will disconnect the users’ phone from a Wi-Fi connection to force it onto the cellular network. 

After doing so, the malware will subscribe to premium services and hide the OTP (one-time passwords) those services usually send in order to verify the users’ identity. That way, it keeps the victims unaware of what is going on and they won’t unsubscribe to these services. 

This new toll fraud malware is an evolved version of the dial-up days, and presents users with an expensive threat, according to experts. That is because it might lead to a significant charge on mobile bills. Not only that, but the affected phones pose an increased risk since the malware is able to bypass detection. Therefore, it can get to a large number of subscriptions before one single variant can be found and removed. 

How does the toll fraud malware infect Android devices?

This kind of malware attack happens when a user downloads a fake app in the Google Play store. Malwares like these are known as “trojans”, and they usually disguise themselves as popular apps within popular categories. The most common subcategories where you can find fake applications are personalization. Image editors, photo apps and messaging apps are also very common.

According to researchers, the first thing that should tip you off as to the legitimacy of the app is that the fake ones ask for permissions that don’t align with the kind of service they provide. For instance, why would a personalization app ask for access to your SMS?

The goal with these malicious apps is to get as many downloads as possible by unaware users. Both Microsoft researchers were able to identify some common patterns. They explain how cybercriminals keep the malicious app functioning on Google’s Play Store. First, they upload a clean version and wait until the app gets a high number of downloads. Then, they update the app and load the toll fraud malware. By separating the infected flow from the clean version, they’re able to remain undetected for a long period of time. 

How can I protect my device from this toll fraud malware?

toll fraud malware
See what you can do to protect your phone. Source: Adobe Stock.

According to both Microsoft researchers, these kinds of malicious apps have a few characteristics in common that users should be on the lookout for. One is that they will ask for permissions that don’t make sense. Users need to pay attention before downloading an app to see if there are others by the same name or similar icons. It’s also good to check for poor grammar and bad reviews before downloading anything. 

In case you’ve already downloaded an application infected with a toll fraud malware, your device will begin to show some signs of it. Some of it include connectivity issues, constant overheating and fast battery drain. 

Did you know that there are ways to find out if someone is using your Google or Netflix account? Check the link below for more details!


How to check for devices logged into your accounts

Worried about someone else accessing your personal accounts without your consent? Here's how to check for and remove any unauthorized devices.

Trending Topics


Everything you need to know about Spotify HiFi

Wondering if the new Spotify HiFi tier is worth it? We've got everything you need to know, including what lossless audio quality means.

Keep Reading

How to apply for the Blue Cash Preferred® Card from American Express

Wondering how to get the most out of your spending? Apply for the Blue Cash Preferred® Card and enjoy cash back at supermarkets and more!

Keep Reading

Costco Is Coming to These 3 Cities Soon

Get ready for an ultra-convenient retail therapy session! Costco is coming to three new cities soon. Get set for unbeatable prices.

Keep Reading

You may also like


Business may have to pay $1,000 to keep their Twitter Gold verification badge

According to new reports, Twitter is considering charging a monthly subscription of $1,000 for business to keep their gold verification.

Keep Reading

What are Filippo Loreti watches made of?

Filippo Loreti offers high-quality watches at an affordable price. Wondering what are Filippo Loreti watches made of? Wonder no more!

Keep Reading

Learn how you can save on your monthly internet bill

Check this article to learn how you can shave off a few bucks from your expenses and save on your monthly internet bill. Read on for more!

Keep Reading