Microsoft’s 365 Defender team has cautioned users against the growing prevalence of Android malware that subscribes users to premium services without their consent.
In a blog post, the team explained that Toll Fraud malware is a subcategory of billing fraud in which malicious applications subscribe users to premium services without their knowledge or consent. While it is one of the most prevalent types of Android malware, it is also one of the dangerous ones, as it continues to evolve over time.
How does Toll Fraud malware work?
Microsoft’s 365 Defender team says that the Toll Fraud malware attacking Android devices uses a billing mechanism called Wireless Application Protocol, or WAP, that is typically used by genuine apps for subscription services.
WAP billing enables consumers to subscribe to paid content from sites that support this protocol and get charged directly through their mobile phone bill. “The subscription process starts with the customer initiating a session with the service provider over a cellular network and navigating to the website that provides the paid service. As a second step, the user must click a subscription button, and, in some cases, receive a one-time password (OTP) that has to be sent back to the service provider to verify the subscription,” the team explained in a blog post.
The toll fraud malware, on the other hand, purchases subscriptions on behalf of the user in a way that makes the overall process imperceptible. First, it asks the target users to disable the Wi-Fi connection so that they switch to a mobile network. Then it silently navigates to the subscription page, after which it auto-clicks the subscription button. If the subscription process involves an OTP, it intercepts the OTP, sends it to the service provider and then cancels the SMS notifications so that the user is not informed about it.
“One significant and permissionless inspection that the malware does before performing these steps is to identify the subscriber’s country and mobile network through the mobile country codes (MCC) and mobile network codes (MNC). This inspection is done to target users within a specific country or region,” the team added.
Who is affected by Toll Fraud malware?
Microsoft’s 365 Defender team said that variants of toll fraud malware are targeting Android API level 28 (Android 9.0) or older versions of the OS. This means that users who are running the latest version of the mobile OS available on their devices are safe.
How to safeguard yourself from Toll Fraud malware?
One of the easiest ways to protect yourself from this malware is by installing the latest software update available for your smartphone. Apart from that, avoid installing Android applications from untrusted sources. In addition, avoid granting SMS permissions, notification listener access, or accessibility access to any application without a strong understanding of why the application needs it.