Microsoft researchers have warned Android users about “toll fraud” malware that poses as regular apps in the Google Play Store and, once installed, empties users’ bank accounts.
According to Microsoft, toll fraud malware is a kind of billing fraud in which malicious software signs up users for premium services without their knowledge or agreement. It is one of the most common types of Android malware and is said to be constantly evolving.
Toll fraud exhibits different characteristics from other types of billing fraud, such as SMS and call fraud. SMS fraud and phone fraud use a simple attack flow to send messages or make calls to a premium number. In contrast, toll fraud uses a sophisticated multi-step attack flow that malware developers are constantly working to enhance.
In a blog article on the Microsoft website, the researchers described how the malware functions. “We observed new abilities about how this threat targets users of particular network operators. The device only executes its routines if it subscribes to one of its target network operators. Additionally, even when a Wi-Fi connection is available, it forces devices to connect to the mobile network and uses cellular connections by default for its operations.
“Once the target network connection is established, the malware secretly starts a fraudulent subscription and confirms it without the user’s knowledge. In certain circumstances, it even uses the one-time password (OTP). To stop the user from discovering the illegal transaction and canceling their membership, it then blocks SMS alerts linked to the subscription.”
This attack begins when a user downloads malware disguised as a legitimate app from the Google Play Store. These trojan apps are typically found in popular app store categories like personalization (wallpaper and lock screen apps), beauty, editor, communication (messaging and chat apps), photography, and tools (like cleaner and fake antivirus apps). According to the researchers, these apps request permissions that are unnecessary for their stated function (e.g., a camera or wallpaper app asking for SMS or notification listening privileges).
According to Microsoft’s security alert, toll fraud is one of the most common malware categories, with high financial loss as its major impact. Because of its sophisticated cloaking techniques, user prevention is critical in keeping the device secure.
According to the researchers, a good rule of thumb is to avoid installing Android applications from untrusted sources (sideloading) and always keep up with device updates. They also advise end users to take the following precautions to safeguard themselves against toll fraud malware:
- Install apps only from the Google Play Store or other reputable sources.
- Avoid granting SMS permissions, notification listener access, or accessibility access to any application without a clear understanding of why the application requires it. These are strong permissions that are rarely required.
- To detect malicious applications on Android, use a solution such as Microsoft Defender for Endpoint.
- If a device is no longer receiving updates, it is strongly recommended that it be replaced with a new device.
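
The permission advice above can be checked mechanically when reviewing an app. The following is an added example, not code from Microsoft or from the article: it scans a decoded AndroidManifest.xml for the three capabilities named above. The sample manifest, the package name and the function names are constructed for illustration; the permission strings are the standard Android ones.

```python
import xml.etree.ElementTree as ET

# Attribute namespace used by every decoded AndroidManifest.xml.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# SMS access is requested with <uses-permission>.
SMS_PERMS = {
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
}
# Notification listener and accessibility access are not requested that way:
# the app declares a <service> that is protected by one of these permissions.
BOUND_SERVICE_PERMS = {
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification_listener",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility",
}

def sensitive_capabilities(manifest_xml):
    """Return the set of strong capabilities the manifest asks for."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            if el.get(ANDROID_NS + "name") in SMS_PERMS:
                found.add("sms")
    for svc in root.iter("service"):
        cap = BOUND_SERVICE_PERMS.get(svc.get(ANDROID_NS + "permission"))
        if cap:
            found.add(cap)
    return found

def unexplained(manifest_xml, justified=()):
    """Capabilities requested but not justified by the app's stated purpose."""
    return sorted(sensitive_capabilities(manifest_xml) - set(justified))

# Constructed sample: a wallpaper app that also wants SMS and notifications.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpapers">
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".Sync"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(unexplained(SAMPLE))  # a wallpaper app justifies none of these
```

The `justified` argument is where a reviewer records what the app's stated purpose actually needs, for example `["sms"]` for a messaging app.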