This Android malware subscribes users to premium services without their consent


Microsoft’s 365 Defender team has warned users about the growing popularity of Android malware that tricks users into subscribing to premium services without their consent.

In a blog post, the team explained that Toll Fraud malware is a subcategory of billing fraud in which malicious apps subscribe users to premium services without their knowledge or consent. Although it is one of the most common types of Android malware, it is also one of the most dangerous as it continues to evolve over time.

How does the Toll Fraud malware work?

Microsoft’s 365 Defender team claims that the Toll Fraud malware that attacks Android devices uses a charging mechanism called Wireless Application Protocol (WAP) billing, which is typically used by genuine applications for subscription services.

WAP billing allows consumers to subscribe to paid content on sites that support this protocol and be billed directly on their mobile phone bill. “The subscription process begins with the customer initiating a session with the service provider over a cellular network and navigating to the website that provides the paid service. In a second step, the user must click on a subscription button and, in some cases, receive a one-time password (OTP) which must be sent back to the service provider to verify the subscription,” explained the team in a press release.

Toll Fraud malware, on the other hand, purchases a subscription on behalf of the user in such a way that the overall process is not noticeable. First, it asks the target users to turn off the Wi-Fi connection so that they switch to a mobile network. It then silently navigates to the subscription page and automatically clicks the subscribe button. If the subscription process involves an OTP, the malware intercepts the OTP, sends it to the service provider, and then cancels the SMS notifications so that the user is not notified.

“An important, unauthorized inspection that the malware performs before performing these steps is to identify the subscriber’s country and mobile network via Mobile Country Codes (MCCs) and Mobile Network Codes (MNCs). This inspection is done to target users in a specific country or region,” the team added.

Who is affected by the Toll Fraud malware?

Microsoft’s 365 Defender team said that Toll Fraud malware variants target devices running Android API level 28 (Android 9.0) or older versions of the operating system. This means that users who are running the latest version of the mobile operating system available on their devices are safe.

How to protect yourself from Toll Fraud malware?

One of the easiest ways to protect yourself against this malware is to download the latest software update available on your smartphone. Other than that, avoid installing Android apps from untrusted sources. In addition to that, avoid granting SMS permissions, notification listener access, or accessibility access to apps without a good understanding of why the app needs it.
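The access types named above can be checked in an app's decoded AndroidManifest.xml before it is installed or approved. The following is an added example, not code from Microsoft's post or from this article; the rule in `needs_review` (SMS access combined with a notification listener or accessibility service) is an assumed triage heuristic, and the sample manifest is constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {f"android.permission.{p}" for p in ("RECEIVE_SMS", "READ_SMS", "SEND_SMS")}
# A service guarded by one of these bind permissions requests the special access named above.
BOUND_SERVICES = {
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification listener",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility service",
}
MAX_FLAGGED_TARGET_SDK = 28  # API level cited in the article (Android 9.0)

# Constructed sample manifest (hypothetical app, not taken from any real package).
SAMPLE_FLAGGED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpapers">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="28"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".Listener"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""


def triage_manifest(xml_text):
    """Return a sorted list of findings for a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    findings = set()
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID_NS + "name", "")
        if name in SMS_PERMS:
            findings.add("sms:" + name.rsplit(".", 1)[1])
    for svc in root.iter("service"):
        label = BOUND_SERVICES.get(svc.get(ANDROID_NS + "permission", ""))
        if label:
            findings.add("service:" + label)
    sdk = root.find("uses-sdk")  # may be absent, depending on the decoding tool
    target = sdk.get(ANDROID_NS + "targetSdkVersion") if sdk is not None else None
    if target is not None and target.isdigit() and int(target) <= MAX_FLAGGED_TARGET_SDK:
        findings.add("target_sdk:" + target)
    return sorted(findings)


def needs_review(findings):
    """Assumed rule: SMS access plus a listener or accessibility service warrants a closer look."""
    has_sms = any(f.startswith("sms:") for f in findings)
    has_service = any(f.startswith("service:") for f in findings)
    return has_sms and has_service
```

A flagged result is a prompt to ask why the app needs that access, not proof of malice; many legitimate messaging and accessibility apps declare the same entries.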
