'Toll Fraud' malware detected: How are Android users getting affected
US tech giant Microsoft is warning Android users about a type of malware that can subscribe them to a premium service without their knowledge. Called 'Toll Fraud,' the nature of this malware is quite elaborate and it uses a multi-step method (dynamic code loading) to carry out attacks. Malware developers are still improving this new sub-category of billing fraud.
- The Toll Fraud malware has been around since 2017 and is continuing to evolve in the hands of malicious coders.
- Its main intention is to cause heavy financial loss to the victim and cannot be rooted out easily.
- However, Google Play Store users can rest easy as it does not permit dynamic code loading by applications.
Attackers use the Wireless Application Protocol (WAP) billing method. This mechanism allows users to subscribe to content from various sites and pay for it via mobile phone bill. This process is done over a cellular network. Customers have to head to their preferred site, tap a subscription button, and get an OTP. This OTP is given to the service provider to verify the subscription.
During a Toll Fraud, the malware subscribes to a service on behalf of the user. It waits for the user to switch to a mobile network or disables the Wi-Fi connection. Then, it stealthily opens the subscription page and auto-clicks the subscription button. It intercepts the OTP if present and sends it to the service provider. Finally, the SMS notifications are suppressed.
Install applications only from trusted sources. Do not give access to any other apps or SMS permissions without understanding the reason. Use a strong antivirus on your device to remove harmful applications. Finally, replace your handset if it does not receive new security updates.