FP ExplainersJul 06, 2022 13:10:14 IST
Microsoft recently published a blog post that warned Android users of a new malicious malware that is going around, called the Toll Fraud malware. The concern that Microsoft raises about this malware, is the fact that it can drain the payment wallets in infected devices, and, can also empty your bank accounts.
Microsoft researchers Dimitrios Valsamaras and Sang Shin Jung detailed the continuing evolution of “toll fraud malware” and the ways in which it attacks Android devices.
The malware falls under the subcategory of billing fraud “in which malicious applications subscribe users to premium services without their knowledge or consent” and “is one of the most prevalent types of Android malware.”
According to a Google transparency report, most of the installations of this malware are in India, Russia, Mexico, Indonesia, and Turkey.
How does the Toll Fraud Malware work?
What this malware does, is that it disconnects your device from WiFi, and allows the device to only operate on the cellular network. It then takes over the WAP or the Wireless Application Protocol.
WAPs, normally allow consumers to subscribe to paid content and add the charge to their phone bill. Once it hijacks the WAP, the malware starts subscribing to premium services while also intercepting one-time passwords (OTP) that a legit service provider may have sent you to verify your identity.
These SMSs are then forwarded to a database, which malicious hackers and actors can use to hack into various accounts that you own, even your bank accounts.
The Toll Fraud malware is one of the oldest malware in existence and has been going around since the time of dial-up internet. However, over the decades, it has evolved into something very sophisticated.
The current version of the malware is able to evade detection and can achieve a high number of installations before a single variant can be removed. It uses dynamic code loading, which makes it difficult for genuine mobile security solutions and antiviruses to detect threats.
It also suppresses SMS notifications and app notifications from wallets and dedicated banks. This way, by the time a user gets to know that their device has been infected, it is very late.
How do Android devices get infected by the Toll Fraud malware?
Not all apps on the Play Store are legit. Most of the free antiviruses, file managers, beauty filters and wallpaper apps have some sort of malware embedded in them.
The biggest red flag that such apps throw up is asking for bizarre permissions. For example, a camera app, asking permission to send or read SMSs make no sense. Or, a wallpaper app, asking for permissions to read notifications and monitor them again makes no sense. People often ignore what sort of permissions certain apps ask for.
How to protect yourself from Toll Fraud malware?
Users need to be very careful of the apps they download, even if they are doing it through the Play Store. Also, avoid sideloading apps.
Avoid installing apps that ask for excessive permissions for programs that don’t require such privileges. Also, avoid apps which have similar UIs or icons to that of legitimate proper apps.
Keep an eye on the developer profiles that look fake or have poor grammar, and if the app has a slew of bad reviews.
