Microsoft has warned of toll fraud malware on Android phones that can drain the wallet of the user. Here is what you need to know.
Is there malware on your phone? Microsoft has warned users of an Android malware called “toll fraud” that can drain the money in your wallet. Compared to other subcategories of billing fraud, which include SMS fraud and call fraud, toll fraud has unique behavior. SMS fraud or call fraud use a simple attack flow to send messages or calls to a premium number, while “toll fraud” has a complex multi-step attack flow that malware developers continue to improve, Microsoft said in a blog post.
“Toll fraud malware, a subcategory of billing fraud in which malicious applications subscribe users to premium services without their knowledge or consent, is one of the most prevalent types of Android malware – and it continues to evolve,” the blog post read.
Also read: Looking for a smartphone? To check mobile finder click here.
The company warned by saying, “for example, we saw new capabilities related to how this threat targets users of specific network operators. It performs its routines only if the device is subscribed to any of its target network operators. It also, by default, uses cellular connection for its activities and forces devices to connect to the mobile network even if a Wi-Fi connection is available.”
Also Read: Shocker! Mark Zuckerberg threatens Facebook employees; here is what ‘ruthless’ CEO wants
“Once the connection to a target network is confirmed, it stealthily initiates a fraudulent subscription and confirms it without the user’s consent, in some cases even intercepting the one-time password (OTP) to do so. It then suppresses SMS notifications related to the subscription to prevent the user from becoming aware of the fraudulent transaction and unsubscribing from the service,” Microsoft said.
Another unique behavior of toll fraud malware is its use of dynamic code loading, which makes it difficult for mobile security solutions to detect threats. Despite this evasion technique, Microsoft has identified characteristics that can be used to filter and detect this threat.
Mitigating the threat of toll fraud malware
Toll fraud is one of the most common malware categories with high financial loss as its main impact. Due to its sophisticated cloaking techniques, prevention from the side of the user plays a key role in keeping the device secure. A rule of thumb is to avoid installing Android applications from untrusted sources (sideloading) and always follow up with device updates. Check the following steps to protect yourself from toll fraud malware:
1. Install applications only from the Google Play Store or other trusted sources.
2. Avoid granting SMS permissions, notification listener access, or accessibility access to any applications without a strong understanding of why the application needs it. These are powerful permissions that are not commonly needed.
3. Use a solution such as Microsoft Defender for Endpoint on Android to detect malicious applications.
4. If a device is no longer receiving updates, strongly consider replacing it with a new device.