According to Microsoft Security, Android owners are being targeted with malware that subscribes them, without their consent, to premium services they don’t need or want.
Microsoft researchers Dimitrios Valsamaras and Sang Shin Jung presented a detailed report on the continued evolution of “toll fraud malware” and its attacks on Android users. According to the team’s analysis, toll fraud malware is classified under billing fraud. In this scheme, malicious apps subscribe consumers to premium services without their knowledge or consent. It “is one of the most prevalent types” of Android malware.
Toll fraud occurs over the Wireless Application Protocol (WAP), which allows consumers to subscribe to paid content and have the charge added to their phone bill. This attack requires a cellular network to work. The malware may disable Wi-Fi or use other methods to force the device onto the cellular network. As soon as the device connects to that network, the malware subscribes the user and hides any one-time passwords (OTPs) sent to verify the user’s identity. This is done so that victims don’t unsubscribe.
Toll fraud software has evolved since its dial-up days and poses a risk, according to the researchers. The malware can expose victims to significant mobile billing charges. It is also highly resistant to detection and can infect many devices before a single version can be removed.
This type of attack begins when a user opens the Google Play Store and downloads the malware. These trojans will generally be listed under popular categories like personalization (wallpapers or lock screen apps), beauty, editor, photography, tools (such as fake antivirus apps), and communication (messaging and chat apps). According to the researchers, some apps request rights that are unnecessary for the function they perform, such as a camera or wallpaper application requesting SMS or notification listening privileges.
These apps exist to be downloaded and used by as many people as possible. Valsamaras and Shin Jung identified the most common ways attackers attempt to keep their app from being removed from the Google Play Store.
Upload clean versions of the application until it receives enough installations.
Update the application to dynamically load malicious code.
Keep the malicious flows separate from the uploaded application and as hidden as possible.
How do I protect against malware?
Valsamaras and Shin Jung both believe that malware in the Google Play Store may have some common features one should be aware of before downloading an app. Apps will sometimes ask for permissions that their function does not require. Another thing to watch out for is apps with similar UIs.
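The permission check described above can be automated. The following is an added example, not code from Microsoft's report: it reads a decoded AndroidManifest.xml and flags SMS, notification listening and Wi-Fi control permissions that do not fit the app's store category. The category-to-permission mapping and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions tied to the behaviour described in the article: intercepting
# SMS one-time passwords, listening to notifications, and switching Wi-Fi
# off to force a cellular connection.
RISKY = {
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS (OTPs)",
    "android.permission.READ_SMS": "can read stored SMS (OTPs)",
    "android.permission.SEND_SMS": "can send SMS",
    "android.permission.CHANGE_WIFI_STATE": "can turn Wi-Fi off",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE":
        "can read and dismiss notifications",
}

# Assumption for this example: categories whose core function plausibly
# needs some of these capabilities. Any other category requesting them is flagged.
EXPECTED = {
    "communication": {"android.permission.RECEIVE_SMS",
                      "android.permission.READ_SMS",
                      "android.permission.SEND_SMS"},
}

def audit_manifest(manifest_xml, category):
    """Return sorted (permission, reason) pairs unexpected for the category."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # A notification listener is declared on a <service>, not via <uses-permission>.
    requested |= {e.get(ANDROID_NS + "permission") for e in root.iter("service")}
    allowed = EXPECTED.get(category, set())
    return sorted((p, RISKY[p]) for p in requested if p in RISKY and p not in allowed)

# Constructed sample: a "wallpaper" app manifest as decoded by a tool such as apktool.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpapers">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
  <application>
    <service android:name=".Listener"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for perm, reason in audit_manifest(SAMPLE, "personalization"):
        print(f"unexpected for category: {perm} ({reason})")
```

A flag here is a reason to look closer at the app, not proof that it is malicious.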
If you suspect that you may have already downloaded malware, you should look for signs such as rapid battery drain, connectivity problems, constant overheating, and slow speeds.
Sideloading any app that isn’t officially available through the Google Play Store could increase the risk of infection. The researchers found that toll fraud malware accounted for 34.8% of “Potentially Harmful Application” installs from the Google Play Store in the first quarter of 2022, second only to spyware.