Microsoft has alerted Android users to malware that purchases premium subscription services online without their knowledge. In a report, Microsoft researchers detail “toll fraud malware” and the way it attacks Android users and their devices.
Researchers Dimitrios Valsamaras and Song Shin Jung place the malware in a subcategory of billing fraud in which malicious apps subscribe users to premium services without their knowledge. The report says that it is one of the most prevalent types of Android malware. Toll fraud does not work via SMS or calls; it works over the Wireless Application Protocol (WAP), which bills the purchase to the user’s phone bill. It does not work over Wi-Fi, and in many cases malware apps will first try to disconnect you from Wi-Fi to force you onto the cellular network.
The unwarranted subscription, according to Microsoft, starts with the user starting a session with the service provider over a cellular network. Once on the network, the user is directed to the website that provides the subscription service. At times, an OTP (one-time password) is required, but the malicious apps have a way of hiding the OTP required to verify your identity.
Microsoft, in its report, says that it classifies a subscription as fraudulent when it takes place without a user’s consent. Here are the steps that toll fraud malware performs in order to subscribe you to unwanted services:
- Disable Wi-Fi connection or wait for user to switch to cellular data
- Silently navigate to the subscription page
- Auto-click the subscription button
- Intercept the OTP (if applicable)
- Send the OTP to the service provider
- Cancel SMS notifications (if applicable)
Before these steps, however, the malware identifies the subscriber’s country and mobile network through MCCs (mobile country codes) and MNCs (mobile network codes). This is done to target users within a specific country or region.
Now, in order to remain safe, the Microsoft researchers say that there are common characteristics that users can look for on Google Play Store. Some apps ask for way too many permissions, which is a red flag. Further red flags are apps that use similar UI or icons, fake developer profiles with bad grammar, and bad reviews. These are a few things Android users can check before downloading apps from the Google Play Store.
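The permission red flag can be checked against the steps listed earlier. The following is an added example, not code from Microsoft's report: it reads a decoded (text) AndroidManifest.xml and flags an app for manual review when its declared permissions would allow several of those behaviours. The permission-to-behaviour mapping, the threshold of two and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping (ours, not from the Microsoft report): declared permissions
# that would enable behaviours in the step list above.
BEHAVIOURS = {
    "toggle Wi-Fi": {P + "CHANGE_WIFI_STATE"},
    "read SMS (OTP)": {P + "RECEIVE_SMS", P + "READ_SMS"},
    "read/dismiss notifications": {P + "BIND_NOTIFICATION_LISTENER_SERVICE"},
}

def declared_permissions(manifest_xml):
    """Collect permissions from a decoded (text) AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            perms.add(el.get(ANDROID_NS + "name"))
    # A notification listener is declared on a <service>, not via uses-permission.
    for svc in root.iter("service"):
        perms.add(svc.get(ANDROID_NS + "permission"))
    perms.discard(None)
    return perms

def triage(manifest_xml, threshold=2):
    """Flag for manual review when several of the behaviours are possible."""
    perms = declared_permissions(manifest_xml)
    hits = {name: sorted(perms & needed)
            for name, needed in BEHAVIOURS.items() if perms & needed}
    return {"behaviours": hits, "review": len(hits) >= threshold}

# Constructed sample manifests (not taken from any real app).
WALLPAPER_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.wallpaper">
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".Listener"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

BENIGN_APP = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    print(triage(WALLPAPER_APP), triage(BENIGN_APP))
```

A hit only means the permission set is unusual for what the app claims to do; legitimate messaging or automation apps declare the same permissions.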
If you have downloaded a malicious app, signs such as rapid battery drain, connectivity issues (especially lack of Wi-Fi signal), or the device heating up more than usual are cues to uninstall the app and delete all data. The researchers also discouraged sideloading apps that users can’t get officially from the Google Play Store, as that can increase the risk.