Android users have been warned by Microsoft about new spyware termed “toll fraud” that can empty their mobile wallets by turning off Wi-Fi. Toll fraud behaves differently from other types of billing fraud, such as SMS fraud and call fraud. It allegedly makes it possible to subscribe to premium services automatically.
How Does The Toll Fraud Malware Attack Users?
Toll fraud has a complex multi-step attack flow that malware writers are constantly working to enhance, in contrast to SMS fraud or phone fraud, which use a simple attack flow to send messages or make calls to a premium number.
“For instance, in terms of how this threat targets customers of particular network operators, we observed new capabilities. It only executes its operations if the device is a subscriber to one of its target network operators”, the business said.
Additionally, it forces devices to connect to the mobile network even when a Wi-Fi connection is available and uses cellular connections by default for its operations.
Once the target network connection is established, it secretly starts a fraudulent subscription and verifies it without the user’s knowledge. In some situations, it even uses the one-time password (OTP) as part of this process.
Microsoft said, “It then suppresses SMS alerts linked to the subscription to stop the user from learning about the fraudulent transaction and cancelling the service”.
The use of dynamic code loading by toll fraud malware is another distinctive characteristic that makes it challenging for mobile security solutions to identify threats.
How Can Users Protect Themselves From Toll Fraud Malware Attack?
The Microsoft team found traits that can be utilised to filter and detect this threat despite its evasion approach.
The company added, “We also observe changes in Google Play Store publication policy and Android API limits that can help reduce this issue”.
As a general guideline, Microsoft suggested avoiding sideloading (installing Android apps from untrusted sources) and consistently checking for device updates.
Avoid giving any applications access to SMS, notification listeners, or accessibility features until you fully understand why they are necessary.
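One way to apply this advice when reviewing an app, as an added example that is not from Microsoft or the original article: the script below reads a decoded `AndroidManifest.xml` and reports which of the capabilities named above (SMS, notification listener, accessibility, and the network switching described earlier) the app requests. The mapping of capabilities to permissions, the `review` rule, and both sample manifests are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capabilities named in the article, mapped to the Android permissions that
# grant them. The grouping is this example's assumption, not Microsoft's rule set.
CAPABILITIES = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "notification_listener": {"android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"},
    "accessibility": {"android.permission.BIND_ACCESSIBILITY_SERVICE"},
    "network_switch": {"android.permission.CHANGE_NETWORK_STATE",
                       "android.permission.CHANGE_WIFI_STATE"},
}

def audit_manifest(manifest_xml):
    """Return the sensitive capabilities a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    declared = set()
    # Permissions requested directly by the app.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            declared.add(el.get(ANDROID_NS + "name"))
    # Listener and accessibility services carry a BIND_* permission on <service>.
    for el in root.iter("service"):
        declared.add(el.get(ANDROID_NS + "permission"))
    declared.discard(None)
    found = sorted(c for c, perms in CAPABILITIES.items() if perms & declared)
    # Flag for manual review when the app can both see or hide SMS/OTP
    # messages and steer the device's network connection.
    intercept = {"sms", "notification_listener"} & set(found)
    review = bool(intercept) and "network_switch" in found
    return {"package": root.get("package"), "capabilities": found, "review": review}

# Constructed sample manifests (not taken from any real app).
SAMPLE_RISKY = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.CHANGE_NETWORK_STATE"/>
  <application>
    <service android:name=".Listener"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""
SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for sample in (SAMPLE_RISKY, SAMPLE_BENIGN):
        print(audit_manifest(sample))
```

A `review` result is a prompt to ask why the app needs these permissions, not proof of malice; many legitimate messaging and accessibility apps request some of them.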