Microsoft has just warned Android smartphone users about toll fraud malware, one of the most prevalent threats to Google’s operating system.
In a new Android smartphone security report, Microsoft detailed the evolving capabilities of malicious toll fraud apps, highlighting the “ complex multi-stage attack flow and an improved mechanism to evade security scans. Toll fraud, or Wireless Application Protocol (WAP) fraud, is more complex than SMS or call fraud.
Indeed, toll fraud is a subset of billing fraud. It consists of using an infected device to connect to the payment pages of a paid service via the device’s WAP connectionand of force the user to subscribe to paid content and add the charge to their phone bill.
How do hackers steal your money?
Thanks to the malware hidden in the applications, hackers are able to disable the Wi-Fi connection of your smartphone and then discreetly subscribe to expensive wireless services and to intercept the messages received. Payments are then billed to your device’s phone bill.
Toll cheats do not work over Wi-Fi, which is why malware disables your connection to connect to services over the mobile network. The consumer is then forced to click on a subscription button. Some services send a one-time password (OTP) for the customer to confirm their choice, but since the hackers also have access to your messages, the entire malicious procedure is automated.
To protect themselves, Microsoft advises users to “ to avoid granting SMS permissions, notification listening access, accessibility access to any app without fully understanding why the app needs it “. This will prevent hackers from directly recovering the code sent by SMS to confirm subscription to the online service.
These malwares that attack your bank account are far from being the only ones to target Android smartphones, since we mentioned a few days ago the arrival of a new trojan called Revive targeting users of a banking group multinational. We also remember the BRATA malware, capable of spying on customer messages sent via their banking application, or even SMS Factory, an Android Trojan that can cause your telephone bill to explode.