Android toll fraud malware could make users subscribe to premium services without consent


Microsoft’s 365 Defender team has cautioned users against the growing popularity of Android malware that is tricking users into subscribing to premium services without their consent.

In a blog post, the team explained that toll fraud malware is a subcategory of billing fraud in which malicious applications trick users into subscribing to premium services without their knowledge or consent. While it is one of the most prevalent types of Android malware, it is also among the dangerous ones because it keeps evolving over time.

How does Toll Fraud Malware work?

Microsoft’s 365 Defender team says the toll fraud malware attacking Android devices abuses a billing mechanism called Wireless Application Protocol, or WAP, billing, which is normally used by real apps for subscription services.

WAP billing enables consumers to subscribe to paid content from sites that support this protocol and be charged directly through their mobile phone bill. “The subscription process begins with the subscriber initiating a session with the service provider on the cellular network and navigating to the website providing the payment service. As a second step, the user will have to click on a subscribe button, and, in some cases, receive a one-time password (OTP) which is to be sent back to the service provider to verify the subscription,” the team explained in the blog post.

Toll fraud malware, on the other hand, buys subscriptions on behalf of the user in such a way that the overall process cannot be seen. First, it asks the target users to disable the Wi-Fi connection so that they can switch to the mobile network. Then it silently goes to the subscription page after which it automatically clicks the subscribe button. If the subscription process involves an OTP, it intercepts the OTP, sends the OTP to the service provider and then cancels the SMS notifications so that the user is not informed about it.

“A critical and permissionless inspection that malware performs before performing these steps is to identify the customer’s country and mobile network through mobile country codes (MCCs) and mobile network codes (MNCs). This inspection is done to target users from a specific country or region,” the team said.

Who is affected by toll fraud malware?

Microsoft’s 365 Defender team said variants of the toll fraud malware are targeting devices running Android API level 28 (Android 9.0) or older OS versions. This means that users who are running the latest version of the mobile OS available on their devices are protected.

How To Protect Yourself From Toll Fraud Malware?

One of the easiest ways to protect yourself from this malware is to install the latest software update available for your smartphone. Also, avoid installing Android applications from untrusted sources. In addition, avoid granting SMS permissions, notification listener access, or accessibility access to any application without a strong understanding of why the application needs it.
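To make the last piece of advice concrete, here is an added example (not from Microsoft's post or the original article) that audits a text-form AndroidManifest.xml for the three access types named above. The sample manifests, package names, and the review heuristic are constructed assumptions for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Access types the article advises against granting without a clear reason.
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
             "android.permission.SEND_SMS"}
BOUND_SERVICES = {
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification_listener",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility",
}

# Constructed sample manifests (hypothetical apps, not real samples).
SAMPLE_SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".NotifService"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""
SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

def audit_manifest(xml_text):
    """Return {category: [evidence, ...]} for sensitive access an app declares."""
    root = ET.fromstring(xml_text)
    findings = {}
    # SMS access is requested with <uses-permission>.
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name", "")
        if name in SMS_PERMS:
            findings.setdefault("sms", []).append(name)
    # Listener and accessibility access show up as services guarded by BIND_*.
    for svc in root.iter("service"):
        category = BOUND_SERVICES.get(svc.get(ANDROID_NS + "permission", ""))
        if category:
            findings.setdefault(category, []).append(svc.get(ANDROID_NS + "name", "?"))
    return findings

def needs_review(findings):
    """Heuristic (an assumption of this example): a notification listener can
    read and dismiss notifications on its own; otherwise require two categories."""
    return "notification_listener" in findings or len(findings) >= 2

if __name__ == "__main__":
    for label, text in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        result = audit_manifest(text)
        print(label, result, "REVIEW" if needs_review(result) else "ok")
```

A flagged app is not necessarily malicious; the output is a prompt to check whether the declared access matches what the app claims to do.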

The post "Android toll fraud malware can make users subscribe to premium services without consent" first appeared on BGR India.
