Microsoft has warned users about an Android malware called “toll fraud” that can take money out of the user’s wallet.
Microsoft said that SMS fraud or call fraud uses a simple attack flow to send a message or call to premium numbers, while toll fraud consists of a complex multi-step attack flow, involving malware developers.
Another unique behavior of toll fraud malware is its use of dynamic code loading, which makes it difficult for mobile security solutions to detect threats. Users are advised to avoid installing Android applications from untrusted sources and always follow device updates.
Instead of using SMS or phone calls, toll fraud uses the Wireless Application Protocol (WAP), which charges the transaction to the user’s phone bill. It does not function over Wi-Fi, and malware programs frequently attempt to disconnect the users from Wi-Fi before forcing them to use a cellular network.
The company said, “Toll fraud malware, a subcategory of billing fraud in which malicious applications trick users into subscribing to premium services without their knowledge or consent, is one of the most prevalent types of Android malware – and it continues to evolve.”
Microsoft claims that the unauthorized subscription begins when the user initiates a connection with the service provider over a cellular network. The user is sent to the website that offers the subscription service after they have connected to the network.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.