‘s security team Microsoft 365 Defender Research Company has discovered a new type of money-grabbing Android malware that aims to steal your hard-earned money using one of the most dangerous methods ever devised: subscribing to paid services on your own initiative.
The so-called toll fraud method uses the old Wireless Application Protocol (WAP) protocol that connects you to the mobile internet and which your carrier uses to charge you for legitimate services like Spotify or even HBO Max.
Alternatively, you just pay without looking and the scam goes on for months. The Android malware is written in such a way that it looks like an average service to the unsuspecting user, hiding behind unnecessary permissions.
If an app designed to do something totally unrelated asks for permission for text messages, the researchers say, it should immediately raise your suspicion. The best way to avoid the new Android toll fraud, Microsoft says, is simply to use a phone running Android 10 or later.
Until Android 9, these kinds of apps could disappear undetected, so if you’re on an older Android version, you’d better update your phone, or if there’s no more update for it, at least install some sort of security protection on it.