Microsoft recently published a blog post warning Android users about a new piece of malware in circulation called Toll Fraud malware. Microsoft's concern is that it can empty the payment wallets on infected devices and also empty your bank accounts.
Microsoft researchers Dimitrios Valsamaras and Sang Shin Jung have detailed the ongoing evolution of “toll fraud malware” and how it attacks Android devices.
The malware falls under the subcategory of billing fraud, “where malicious applications subscribe users to premium services without their knowledge or consent” and “is one of the most prevalent types of Android malware.”
According to a Google Transparency Report, most installations of this malware are located in India, Russia, Mexico, Indonesia and Turkey.
How Does Toll Fraud Malware Work?
The malware disconnects your device from WiFi so that it works only on the cellular network. It then takes over the WAP, or Wireless Application Protocol.
WAPs typically allow consumers to subscribe to paid content and add the charge to their phone bill. Once the WAP is hijacked, the malware begins subscribing to premium services while intercepting one-time passwords (OTP) that a reputable service provider may have sent you to verify your identity.
These SMS messages are then forwarded to a database that malicious actors can use to break into various accounts you own, even your bank accounts.
Toll Fraud malware is one of the oldest types of malware in existence and has been around since the days of dial-up Internet. However, over the decades it has grown into something very sophisticated.
The current version of the malware can evade detection and reach a high number of installations before a single variant can be removed. It uses dynamic code loading, which makes it difficult for mobile security solutions and antivirus software to detect the threat.
It also suppresses SMS notifications and app notifications from wallet and banking apps. In this way, a user only finds out very late that their device has been infected.
How does Toll Fraud malware infect Android devices?
Not all apps in the Play Store are legitimate. Most free antivirus, file managers, beauty filters, and wallpaper apps contain some form of malware.
The biggest red flag such apps raise is a set of bizarre permission requests. For example, a camera app asking for permission to send or read SMS makes no sense. Likewise, a wallpaper app asking for permission to read and monitor notifications makes no sense. People often ignore what kind of permissions certain apps ask for.
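The permission check described above can be automated. The following is an added example, not code from this article or from Microsoft's post: it reads a decoded AndroidManifest.xml and reports permissions tied to the behaviors described here (SMS access, WiFi switching, notification access) that the app's category does not need. The permission names are standard Android ones; the category allow-list and the sample manifest are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Standard Android permissions mapped to the behaviour each one enables.
RISKY = {
    "android.permission.READ_SMS": "read SMS (one-time passwords)",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
    "android.permission.SEND_SMS": "send SMS without the user",
    "android.permission.CHANGE_WIFI_STATE": "turn WiFi off (force cellular)",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE":
        "read and dismiss notifications",
}

# Assumption: risky permissions each app category plausibly needs.
EXPECTED = {
    "messaging": {"android.permission.READ_SMS",
                  "android.permission.RECEIVE_SMS",
                  "android.permission.SEND_SMS"},
    "wallpaper": set(),
    "camera": set(),
}

# Constructed sample: a wallpaper app with toll-fraud-style requests.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpapers">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
  <application>
    <service android:name=".Sync" android:permission=
        "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

def requested_permissions(manifest_xml):
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # A notification listener is a <service> guarded by a bind permission.
    perms |= {e.get(ANDROID_NS + "permission") for e in root.iter("service")}
    perms.discard(None)
    return perms

def audit(manifest_xml, category):
    """Return risky permissions the given app category has no reason to hold."""
    found = requested_permissions(manifest_xml) & set(RISKY)
    return {p: RISKY[p] for p in sorted(found - EXPECTED.get(category, set()))}
```

A decoded manifest can be obtained with a tool such as apktool; an empty result from audit() means only that none of these specific permissions is out of place, not that the app is safe.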
How to protect against Toll Fraud malware?
Users have to be very careful about the apps they download even if they do it through the Play Store. Also, avoid sideloading apps.
Avoid installing apps that ask for permissions their function does not require. Also, avoid apps that have user interfaces or icons similar to those of legitimate apps.
Keep an eye on developer profiles that look fake or have bad grammar, and whether the app has a ton of bad reviews.