Android ‘Toll Fraud’ Malware Detected, Subscribes Users to Premium Services Without Consent

The malware is largely distributed outside of Google Play because Google restricts the use of dynamic code loading by apps.

Android ‘Toll Fraud’ Malware Detected, Subscribes Users to Premium Services Without Consent

Photo Credit: Reuters

The apps harbouring the malware are usually classified as "toll fraud"

Highlights
  • The apps harbouring the malware use "dynamic code loading"
  • The malware subscribes users to a premium service
  • The malware is largely distributed outside of Google Play

American tech giant Microsoft's 365 Defender Team recently revealed the growing popularity of malware that can subscribe users to a premium service without their knowledge.

In a blog post, the team explains that the attack from this form of malware is quite elaborate, while detailing the steps that the malware executes after infecting a device.

The apps harbouring the malware are usually classified as "toll fraud" and use "dynamic code loading" to carry out the attack, according to Microsoft.

The malware subscribes users to a premium service using their telecom provider's monthly bill which they are then forced to pay. It works by exploiting the WAP (wireless application protocol) used by cellular networks. That's why some forms of malware disable your Wi-Fi or just wait for you to go outside of Wi-Fi coverage.

This is where the aforementioned dynamic code loading comes into play. The malicious software then subscribes you to a service in the background, reads an OTP (one-time-password) you may receive before subscribing, fills out the OTP field on your behalf and hides the notification to cover its tracks.

The saving grace is that the malware is largely distributed outside of Google Play because Google restricts the use of dynamic code loading by apps, according to Microsoft.

Last month, cybersecurity platform Proofpoint discovered that the Emotet botnet — used by criminals to distribute malware around the world — has begun attempting to steal credit card information from unsuspecting users. The malware targets the popular Google Chrome browser, then sends the exfiltrated information to command-and-control servers.

The resurgence of the Emotet botnet comes over a year after Europol and international law enforcement agencies shut down the botnet's infrastructure in January 2021, and used the botnet to deliver software to remove the malware from infected computers.


What are the best tablets? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

British Army’s Twitter, YouTube Accounts Breached; Used to Promote NFTs
OnePlus TV 50 Y1S Pro With 4K Viewing, Dolby Audio Launched in India
Share on Facebook Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Follow Us

Advertisement

© Copyright Red Pixels Ventures Limited 2022. All rights reserved.