Android users at risk of new wallet-draining attacks

Toll fraud malware is growing more sophisticated


Owners of Android smartphones are at risk of a new type of billing fraud designed to trick them into paying for premium subscription packages, Microsoft has warned.

In an extensive blog post detailing how the entire scheme operates, Microsoft explained that toll fraud malware is “one of the most prevalent types” on Android and that it just keeps evolving. Toll fraud is also quite complex, compared to its close relatives, SMS fraud and call fraud.

These apps target specific network operators, running their operations only if the compromised endpoint is subscribed to one of those target operators.

If these conditions are met, the app will subscribe to a service, completely out of sight for the device owner, and will even intercept one-time password SMS messages and other notifications.

Toll fraud malware is also known for dynamic code loading, as this makes it harder for mobile security software to detect any foul play through static analysis.

Prevention and mitigation


However, Microsoft says there are characteristics that can be used to filter and detect these threats, and that adjustments in Android API restrictions and Google Play Store publishing policy can also help mitigate the threat.


The first major malware variant in the toll fraud family was Joker, which managed to wiggle its way into the Google Play Store some five years ago. Its main goal is to generate as big of a financial impact on the victim as possible.


As it carries sophisticated cloaking techniques, the best way to protect your devices from such malware is to make sure it doesn’t get installed in the first place.

As a general rule of thumb, Microsoft reminds users, Android apps should not be sideloaded (installed from untrusted sources) and should always be kept up to date. Furthermore, apps should not be given SMS permissions, access to the notification listener or accessibility access unless there is a clear reason they are necessary.
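One way to check a device against that last piece of advice is to list which installed apps actually hold SMS permissions, a notification listener or an accessibility service. The script below is an added example, not from Microsoft or the original article; it parses text in the shape returned by `adb shell dumpsys package <pkg>` and `adb shell settings get secure enabled_notification_listeners` / `enabled_accessibility_services`. The package names, sample data and the `allowlist` parameter are constructed for illustration.

```python
import re

# SMS permissions that the guidance above says need a clear justification.
SMS_PERMS = {"android.permission." + p for p in ("READ_SMS", "RECEIVE_SMS", "SEND_SMS")}
GRANT_RE = re.compile(r"^\s*(android\.permission\.[A-Z0-9_]+): granted=true", re.M)

def granted_sms(dumpsys_text):
    """SMS permissions marked granted=true in `dumpsys package <pkg>` output."""
    return sorted(set(GRANT_RE.findall(dumpsys_text)) & SMS_PERMS)

def components_to_packages(setting_value):
    """Package names from a colon-separated list of pkg/Service components."""
    if not setting_value or setting_value == "null":
        return set()
    return {c.split("/", 1)[0] for c in setting_value.split(":") if c}

def audit(dumpsys_by_pkg, listeners, a11y, allowlist=()):
    """Return {package: [reasons]} for apps holding the sensitive accesses."""
    findings = {}
    for pkg, text in dumpsys_by_pkg.items():
        for perm in granted_sms(text):
            findings.setdefault(pkg, []).append(perm.rsplit(".", 1)[1])
    for pkg in components_to_packages(listeners):
        findings.setdefault(pkg, []).append("NOTIFICATION_LISTENER")
    for pkg in components_to_packages(a11y):
        findings.setdefault(pkg, []).append("ACCESSIBILITY_SERVICE")
    # Apps with a known, legitimate need (assumed allowlist) are not reported.
    return {p: r for p, r in sorted(findings.items()) if p not in allowlist}

# Constructed sample data with hypothetical package names.
SAMPLE_DUMPSYS = {
    "com.example.wallpapers": """
    runtime permissions:
      android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
      android.permission.CAMERA: granted=false
""",
    "com.example.messenger": """
    runtime permissions:
      android.permission.SEND_SMS: granted=true
      android.permission.READ_SMS: granted=false
""",
}
SAMPLE_LISTENERS = "com.example.wallpapers/com.example.wallpapers.NService"
SAMPLE_A11Y = "null"

if __name__ == "__main__":
    print(audit(SAMPLE_DUMPSYS, SAMPLE_LISTENERS, SAMPLE_A11Y, allowlist={"com.example.messenger"}))
```

An app that combines SMS access with a notification listener, like the constructed wallpaper app here, matches the OTP-interception behaviour described earlier and deserves a closer look.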

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
