A new Android malware can subscribe users to premium services without consent, Microsoft's 365 Defender team recently revealed. In a blog post, the team explained how this malware is deployed. Microsoft says that apps that carry the malware are commonly known as "toll fraud" and depend on "dynamic code loading" to attack.
The malware essentially subscribes affects Android users to a premium service by using their telecom provider's monthly billing cycle. Once subscribed, users have no choice but to pay for the services as part of the bill.
This mechanism works by exploiting WAP (wireless application protocol) used by cellular networks. Most malware operate by turning off the user's Wi-Fi, or simply by waiting for them to leave Wi-Fi coverage area.
Also read:?These Three Android Apps With 'Joker' Malware Have Been Draining People's Money
When Wi-Fi access is temporarily lost, the "dynamic code loading" comes into play. In the background, the malware subscribers you to a service, proceeding to read an OTP (one-time password) used to subscribe to services, then fills in the OTP, later covering all its tracks - you wouldn't even see it in the notification section!
Thankfully, the malware is largely found outside of the Google Play ecosystem, i.e., it might affect your device if you download APK files from dubious sources to install apps on your Android smartphone.?
Also read:?This Android Malware Is Erasing Smartphones After Stealing Money From Bank Accounts
Microsoft says that Google restricts the use of dynamic code loading by apps, but it's still a good idea to double-check the credentials of all apps that you download on the Play Store. For starters, check the publisher's name and website to see if they're legit. Always look at reviews and rating before pressing download - if it appears sketchy, it most probably is.
Apps that are verified by Google Play protect are the safest ones to download on your Android smartphone.
Have you been affected by a malware attack on your Android smartphone? Let us know in the comments below. For more in the world of?technology?and?science, keep reading?Indiatimes.com.
References
Team, M. D. R. (2022, June 30). Toll fraud malware: How an Android application can drain your wallet. Microsoft Security Blog.?