Toll fraud malware variants are reportedly targeting Android devices with API level 28 or Android 9.0 or older OS versions, according to Microsoft’s 365 Defender team.
Microsoft’s 365 Defender team has issued a warning to users about the rising prevalence of Android malware that forces users to subscribe to premium services against their will.
In a blog post, the researchers described the Toll Fraud malware, a type of billing fraud in which malicious programmes sign customers up for premium services without their knowledge or agreement. It is one of the most common forms of Android malware, but because it is constantly changing, it is also one of the most hazardous.
How does Toll Fraud malware work?
According to the 365 Defender team at Microsoft, the Toll Fraud virus that targets Android smartphones makes use of the Wireless Application Protocol, or WAP, billing system that is often used by legitimate apps for subscription services.
Customers can subscribe to paid content from websites that accept this protocol via WAP billing, and they will be directly charged on their mobile phone bill. The customer initiates a session with the service provider through a cellular network and navigates to the website that offers the paid service. This is where the subscription process begins. The user must click a subscription button in a subsequent step, and in some situations, they will receive a one-time password (OTP) that must be provided back to the service provider in order to confirm the membership, according to the team’s blog post.
The toll fraud software, on the other hand, conceals the overall process by making subscription purchases on the user’s behalf. To transition to a mobile network, it first instructs the target consumers to turn off their Wi-Fi connection. It then secretly navigates to the subscription website and automatically clicks the subscription button. If the subscription process calls for an OTP, it intercepts the OTP, sends the OTP to the service provider, and then suppresses the SMS notifications so the user won’t be aware of it.
Before executing these actions, the malware performs an extensive, permissionless inspection to determine the subscriber’s country and mobile network using the mobile country codes (MCC) and mobile network codes (MNC). The goal of this inspection is to target users in a certain nation or region, the team continued.
Who is affected by Toll Fraud malware?
Toll fraud malware variants are reportedly targeting Android devices with API level 28 or Android 9.0 or older OS versions, according to Microsoft’s 365 Defender team. Users running the most recent mobile OS version on their devices are therefore secure.
How to safeguard yourself from Toll Fraud malware?
Downloading the most recent software update for your smartphone is one of the simplest ways to safeguard yourself from this infection. Additionally, avoid downloading Android apps from unreliable sources. Also, if an application doesn’t clearly explain why it needs SMS permissions, notification listener access, or accessibility access, don’t provide it.