New Android fraudulent subscription malware discovered by Microsoft

Written by admin

‘s security team Microsoft 365 Defender Research Company has discovered a new type of money-grabbing Android malware that aims to steal your hard-earned money using one of the most dangerous methods ever devised: subscribing to paid services on your own initiative.

The so-called toll fraud method uses the old Wireless Application Protocol (WAP) protocol that connects you to the mobile internet and which your carrier uses to charge you for legitimate services like Spotify or even HBO Max.

When disconnected from a Wi-Fi network, the new malware opens a subscription page and fills in your details, including any one-time passwords required. This happens while texting services are temporarily disabled so you don’t get a subscription notification until you get your monthly phone bill and are surprised.

Alternatively, you just pay without looking and the scam goes on for months. The Android malware is written in such a way that it looks like an average service to the unsuspecting user, hiding behind unnecessary permissions.

Toll fraud malware variants targeting Android API level 28 (Android 9.0) or lower disable Wi-Fi by calling the setWifiEnabled method of the WifiManager class. The permissions required for this call are ACCESS_WIFI_STATE and CHANGE_WIFI_STATE. Since the protection level for both permissions is set to normal, they are automatically approved by the system‘ said the Microsoft researcher.

If an app designed to do something totally unrelated asks for permission for text messages, the researchers say, it should immediately raise your suspicion. The best way to avoid the new Android toll fraud, Microsoft says, is simply to use a phone running Android 10 or later.

Until Android 9, these kinds of apps could disappear undetected, so if you’re on an older Android version, you’d better update your phone, or if there’s no more update for it, at least install some sort of security protection on it.

About the author


Leave a Comment