Android users are Biography Archivesbeing attacked by malware that unwittingly purchases premium subscription services that they did not want or sign up for, according to a blog from Microsoft Security.
In a report from Microsoft researchers Dimitrios Valsamaras and Sang Shin Jung, the pair detailed the continuing evolution of "toll fraud malware" and the ways it attacks Android users and their devices. According to the team, toll fraud malware falls under the subcategory of billing fraud "in which malicious applications subscribe users to premium services without their knowledge or consent" and "is one of the most prevalent types of Android malware."
Toll fraud works over the Wireless Application Protocol (WAP), which allows consumers to subscribe to paid content and add the charge to their phone bill. Because this attack relies on a cellular network to do the dirty business, the malware might disconnect you from Wi-Fi or use other means to force you onto your cellular network. While connecting to the cellular network the malware will start subscribing to premium services while also hiding any one-time passwords (OTP) sent to verify your identity. This is to keep targets in the dark so that they don't unsubscribe.
The evolution of toll fraud malware from its dial-up days presents a dangerous threat, researchers warn. The malware can lead to victims receiving significant mobile bill charges. Additionally, affected devices also have increased risk because the malware is able to evade detection and can achieve a high number of installations before a single variant can be removed.
This type of attack starts when a user downloads whatever app the malware is disguised as in the Google Play Store. These trojan apps will usually be listed in popular categories in the app store such as personalization (wallpaper and lock screen apps), beauty, editor, communication (messaging and chat apps), photography, and tools (like cleaner and fake antivirus apps). The researchers say that these apps will ask for permissions that don't make sense for what is being done (i.e. a camera or wallpaper app asking for SMS or notification listening privileges).
The purpose of these apps is to be downloaded by as many people as possible. Valsamaras and Shin Jung identified some common ways in which attackers will try to keep their app on the Google Play Store:
Upload clean versions until the application gets a sufficient number of installs.
Update the application to dynamically load malicious code.
Separate the malicious flow from the uploaded application to remain undetected for as long as possible.
Valsamaras and Shin Jung say that potential malware in the Google Play Store has common characteristics one can look for before downloading an app. As stated above some apps will ask for excessive permissions for programs that don't require such privileges. Other characteristics to be on the lookout for are apps with similar UIs or icons, developer profiles that look fake or have poor grammar, and if the app has a slew of bad reviews.
If you believe you've already downloaded a potential malware app, some common signs include rapid battery drain, connectivity issues, overheating constantly, or if the device is running much slower than normal.
The pair also warned of not sideloading any apps that you can't get officially in the Google Play Store, as this can increase the risk of infection. Their findings showed that toll fraud malware accounted for 34.8% of installed "Potentially Harmful Application" (PHA) from the Google Play Store in the first quarter of 2022, second only to spyware.
According to a Google transparency report, it says that most of the installations originated from India, Russia, Mexico, Indonesia, and Turkey.
Topics Cybersecurity Microsoft
2025 Oscar winners: See the full list
'Avengers: Endgame' ticket sales threaten to break the internet
Forget about hailing an Uber on your next visit to China
Forget about hailing an Uber on your next visit to China
Best headphones deal: Save $150 on Beats Studio Pro
WhatsApp adds new group messaging privacy settings
IT workers blame employees for the biggest security vulnerabilities
Verizon introduces smartphone plan designed for kids
Google's officially retiring Assistant
Kendall Jenner dressed like Paris Hilton for her 21st birthday
Today's Hurdle hints and answers for March 18, 2025
'Downton Abbey' movie revolves around a royal visit
'Downton Abbey' movie revolves around a royal visit
Report: iPad Pros have a touch
Best Sonos deal: Save $50 on Sonos Era 100
Report: iPad Pros have a touch
IT workers blame employees for the biggest security vulnerabilities
Why Apple needed to cut HomePod's price from $350 to $300
Herediano vs. Real Salt Lake 2025 livestream: Watch Concacaf Champions Cup for free
The Obama administration just made it easier to take a road trip in an electric car
Rock out to this fluffy floating cloud bluetooth speakerCrystal ballSocial media companies suspend Geofeedia's access after reported police tracking'League of Legends' pro suspended, fined $2K for using racist languageObama: We're going to Mars by 2030sStunning artwork of ceramic poppies remembers fallen WW1 soldiersGoFundMe campaign will pay legal fees of anyone leaking new Trump tapesTeen girl football player absolutely levels opponent during gameKim Kardashian is suing a website that claimed she made up the robbery'80s gadgets the X12 spooktacular skins coming to 'Overwatch' for HalloweenSmoking Samsung Note7 video should make you take the recall seriouslyRonald McDonald in hiding after global clown hysteriaIs this the greatest editor's note in the history of editor's notes?Despite early troubles, everyone is updating to iOS 10North Carolina flooding is so severe that rescuers need sonar to locate cars, victimsAussies want driverless cars for when they're tired, bored or drunkIs this the greatest editor's note in the history of editor's notes?Professional clowns are not happy about the 'creepy clowns' crazeKim Kardashian being robbed costume is just as bad as you imagine Uber at war: Major investor sues cofounder Travis Kalanick for fraud Trump just talked about North Korea like a dad talks about a bratty kid Randall's Black rage fatigue is the realest thing on 'This Is Us' Florida Governor's voter registration hacked by 20 Waymo's self 'Watch Dogs: Legion' review: Freeing London from technofascism Fan rushes Britney Spears on stage, does a cartwheel then fights with her dancers There's another Pizza Squirrel giving Pizza Rat a run for his money Charlottesville really happened. Don't look away. What really happens if Republicans get rid of Section 230 Pornhub reveals that yes, of course, tons of people are looking for boobs. Duh. New AirPods and AirPods Pro are coming next year, report claims Chelsea Manning gets her Vogue moment and proudly shares it with supporters Coinbase launches crypto debit card in the U.S. 'There's a place at Google for you,' Google CEO tells girls at coding competition Scientists destroy the first 'murder hornet' nest found in Washington Instagram changes breast holding policy after #IWantToSeeNyome campaign Netflix's 'Holidate' is a silly, sexy good time Protesters, journalists capture sobering images of racists marching in Charlottesville 'Sims 4' new expansion pack finally lets you take your shoes off indoors
1.9846s , 10136.4296875 kb
Copyright © 2025 Powered by 【Biography Archives】,Charm Information Network