Toll Fraud Malware For Android Which Steals OTPS and banking transaction SMS which purchases premium subscription services online. Tech giant Microsoft has already alerted users of “toll fraud” malware on Android and its nature to attack the transaction details including switching off Wi-Fi connection and transferring fund from the mobile wallet.
Compared to other subcategories of billing fraud, which include SMS fraud and call fraud, toll fraud has unique behaviors as per Microsoft 365 Defender research team, whereas SMS fraud or call fraud use a simple attack flow to send messages or calls to a premium number,Toll fraud does not work via SMS or calls, it works over the Wireless Application Protocol (WAP), which bills the purchase on the user’s phone bill. It does not work over Wi-Fi, and in many cases, malware apps will first try to disconnect you from Wi-Fi to force you on cellular network.
Microsoft, in its report, says that it classifies a subscription as fraudulent when it takes place without a user’s consent. Here are the steps that a toll fraud malware performs in order to subscribe you to unwanted services.
- Disable Wi-Fi connection or wait for user to switch to cellular data
- Silently navigate to the subscription page
- Auto-click the subscription button
- Intercept the OTP (if applicable)
- Sent the OTP to service provider
- Cancel SMS notifications (if applicable)
Before these steps, however, the malware identifies the subscriber’s country and mobile network through MCCs (mobile country codes) and MNCs (mobile network codes). This is done to target users within a specific country or region.
“For example, we saw new capabilities related to how this threat targets users of specific network operators. It performs its routines only if the device is subscribed to any of its target network operators,” warned the company.
Now, in order to remain safe, the Microsoft researchers are suggesting not to give permission to apps downloaded from Google Playstore. Some apps ask for way too many permissions, which is a red flag. Further, if any apps use similar UI or icons, or fake developer profiles with bad grammar, or if the apps have bad reviews. These are few things Android users can check before downloading apps from the Google Play Store.
Also Read – How to Protect Your Bank Account from Mobile Hackers ?
If you have downloaded a malicious apps, signs such as rapid battery drain, or connectivity issues (especially lack of Wi-Fi signal), or if the device is heating up more than usual are signs to uninstall the app and delete all data. The researchers also discouraged sideloading of apps that users can’t get officially in the Google Play Store, as that can increase the risk.
