News
Microsoft issues warning over Android toll fraud malware
Learn everything about a new type of toll fraud malware that can affect your Android device and see how you can protect yourself from it.
Advertisement
Learn how to keep the malware off of your device.
According to a new blog post from Microsoft Security, Android users are now being attacked by a toll fraud malware that purchases premium subscription services without their knowledge. In a recent report, two senior researchers from Microsoft – Sang Shin Jung and Dimitrios Valsamaras – explained how this malware evolution attacks Android devices unwittingly.
According to their analysis, a toll fraud malware falls under billing fraud and can cause thousands of dollars in damage to the user. It infects the device through malicious apps and ends up subscribing the owner of said device to paid, premium services without their consent. They say it’s one of the most common types of malwares for Android mobiles.
These toll fraud malwares work over WAP (Wireless Application Protocol). WAP networks allow users to subscribe to content without asking for a credit card. Instead, it will add the charge to their phone bill. This type of attack relies heavily on mobile networks in order to function. So, the malware will disconnect the users’ phone from a Wi-Fi connection to force it onto the cellular network.
After doing so, the malware will subscribe to premium services and hide the OTP (one-time passwords) those services usually send in order to verify the users’ identity. That way, it keeps the victims unaware of what is going on and they won’t unsubscribe to these services.
This new toll fraud malware is an evolved version of the dial-up days, and presents users with an expensive threat, according to experts. That is because it might lead to a significant charge on mobile bills. Not only that, but the affected phones pose an increased risk since the malware is able to bypass detection. Therefore, it can get to a large number of subscriptions before one single variant can be found and removed.
How does the toll fraud malware infect Android devices?
This kind of malware attack happens when a user downloads a fake app in the Google Play store. Malwares like these are known as “trojans”, and they usually disguise themselves as popular apps within popular categories. The most common subcategories where you can find fake applications are personalization. Image editors, photo apps and messaging apps are also very common.
According to researchers, the first thing that should tip you off as to the legitimacy of the app is that the fake ones ask for permissions that don’t align with the kind of service they provide. For instance, why would a personalization app ask for access to your SMS?
The goal with these malicious apps is to get as many downloads as possible by unaware users. Both Microsoft researchers were able to identify some common patterns. They explain how cybercriminals keep the malicious app functioning on Google’s Play Store. First, they upload a clean version and wait until the app gets a high number of downloads. Then, they update the app and load the toll fraud malware. By separating the infected flow from the clean version, they’re able to remain undetected for a long period of time.
You will be redirected to another website
You’ll receive messages for less than 1 week, with a maximum of 1 message per day. You can unsubscribe anytime by replying STOP. By submitting this form, I confirm that I am 18+ years old and agree to the Privacy Policy and Terms and Conditions. I also provide my signature, giving express consent to receive informational messages via automated emails, SMS, MMS text messages, and other forms of communication. Message frequency may vary as part of our good-faith effort to respond to your inquiry. Message and data rates may apply. Text STOP to cancel. I understand that my consent to receive communications is not a condition of purchase and that I may revoke my consent at any time.
How can I protect my device from this toll fraud malware?
According to both Microsoft researchers, these kinds of malicious apps have a few characteristics in common that users should be on the lookout for. One is that they will ask for permissions that don’t make sense. Users need to pay attention before downloading an app to see if there are others by the same name or similar icons. It’s also good to check for poor grammar and bad reviews before downloading anything.
In case you’ve already downloaded an application infected with a toll fraud malware, your device will begin to show some signs of it. Some of it include connectivity issues, constant overheating and fast battery drain.
Did you know that there are ways to find out if someone is using your Google or Netflix account? Check the link below for more details!
How to check for devices logged into your accounts
Worried about someone else accessing your personal accounts without your consent? Here's how to check for and remove any unauthorized devices.
Trending Topics
Elon Musk is unhappy with Apple and Tim Cook
Elon Musk is now taking jabs at Apple and Tim Cook regarding advertising and the fees involved in getting apps in the App Store.
Keep ReadingWhat is Mastodon? Is it a good Twitter alternative?
Mastodon is the new social media app that's taking the internet by storm as an alternative to Twitter. Here's why you need to check it out!
Keep ReadingDiscover online Costco Membership perks and fees: Is it worth it?
Unlock the perks of an online Costco membership! Our guide breaks down the types, costs, and benefits of joining Costco in-store and online.
Keep ReadingYou may also like
Navy Federal GO REWARDS® Credit Card review
Learn more about the Navy Federal GO REWARDS® Credit Card and how it can help you save money with its great rewards program.
Keep ReadingSee how to apply for the Wells Fargo Reflect® Card
Learn how to apply for the Wells Fargo Reflect® Card and take advantage of its unique features, including no annual fee.
Keep ReadingEmmy Awards 2022: Check out the full winner’s list
The 74th Primetime Emmy Awards took place on Monday night. Here’s the lowdown of what happened and the winner’s list for each category.
Keep Reading