Android: this Android malware can empty your mobile balance

Microsoft has warned users about toll fraud malware on Android that can drain a victim's mobile balance by forcing the device off Wi-Fi and onto the cellular network.

Compared to other subcategories of billing fraud, such as SMS fraud and call fraud, toll fraud has a distinctive mode of operation.

According to the Microsoft 365 Defender research team, while SMS fraud and call fraud rely on a simple attack flow of sending a message or placing a call to a premium number, toll fraud uses a complex, multi-step attack flow that malware developers continue to refine.

“For example, we looked at new capabilities related to how this threat targets users of specific network operators. It performs its routine only if the device is subscribed to one of its target network operators,” the company warned.

By default the malware carries out its activity over the cellular connection and forces the device onto the mobile network even when a Wi-Fi connection is available, because the fraudulent subscription is billed through the carrier and must be initiated from the carrier's network.

Once the connection to the target network is confirmed, it secretly initiates a fraudulent subscription and confirms it without the user’s consent, in some cases even intercepting one-time passwords (OTP) to do this.

“It then suppresses subscription-related SMS notifications to prevent the user from becoming aware of fraudulent transactions and unsubscribing from the service,” Microsoft explained.

Another distinctive behavior of toll fraud malware is its use of dynamic code loading: the fraud logic is not present in the installed package but is fetched and loaded at runtime, which makes it harder for mobile security solutions to detect the threat through static analysis.

Despite this evasion technique, the team identified features that could be used to filter and identify this threat.

“We also see adjustments in Android API restrictions and Google Play Store publishing policy that can help mitigate this threat,” the company said.

“A rule of thumb is to avoid installing Android applications from untrusted sources (sideloading) and always follow device updates,” Microsoft advised.

It added, “Avoid granting SMS permissions, notification listener access, or accessibility access to any application without a strong understanding of why the application needs it.”
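The behaviors described above (SMS interception, notification suppression, forcing the cellular network, dynamic code loading) all leave traces in an app's manifest and bytecode, which is exactly what the permission advice in the last two paragraphs is about. The following triage script is an added example written for this article, not code from Microsoft or from the malware; it parses a decoded AndroidManifest.xml plus a list of strings pulled from classes.dex and flags the combination of indicators a reviewer would want to see before installing or approving an app. The sample manifests, the dex strings and the indicator weights are constructed for illustration and are not taken from the report.

```python
"""Static triage of an Android app for toll-fraud indicators (illustrative example)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Indicator descriptions and weights are assumptions made for this example.
INDICATORS = {
    "sms_permissions": ("Requests SMS permissions (can read OTP / subscription SMS)", 3),
    "sms_receiver": ("Registers an SMS_RECEIVED receiver (can intercept OTP)", 3),
    "notification_listener": ("Binds a NotificationListenerService (can suppress subscription alerts)", 2),
    "accessibility_service": ("Binds an AccessibilityService (can click through confirmation pages)", 2),
    "network_control": ("Can change network state (force cellular over Wi-Fi)", 1),
    "dynamic_code_loading": ("References DexClassLoader / InMemoryDexClassLoader", 2),
}
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
             "android.permission.SEND_SMS"}
NET_PERMS = {"android.permission.CHANGE_NETWORK_STATE", "android.permission.CHANGE_WIFI_STATE"}
DYNAMIC_LOADERS = ("dalvik/system/DexClassLoader", "dalvik/system/InMemoryDexClassLoader")
REVIEW_THRESHOLD = 5  # assumed: a score at or above this warrants manual review


def _attr(elem, name):
    """Read an android:* attribute from a manifest element."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def triage(manifest_xml: str, dex_strings=()) -> dict:
    """Return the toll-fraud indicators found, a weighted score and a verdict."""
    root = ET.fromstring(manifest_xml)
    found = set()

    perms = {_attr(p, "name") for p in root.iter("uses-permission")}
    if perms & SMS_PERMS:
        found.add("sms_permissions")
    if perms & NET_PERMS:
        found.add("network_control")

    app = root.find("application")
    if app is not None:
        # Receivers for SMS_RECEIVED are how an app sees incoming OTP messages first.
        for receiver in app.iter("receiver"):
            for filt in receiver.iter("intent-filter"):
                actions = {_attr(a, "name") for a in filt.iter("action")}
                if "android.provider.Telephony.SMS_RECEIVED" in actions:
                    found.add("sms_receiver")
        # Privileged services are identified by the bind permission they declare.
        for service in app.iter("service"):
            bind_perm = _attr(service, "permission")
            if bind_perm == "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE":
                found.add("notification_listener")
            elif bind_perm == "android.permission.BIND_ACCESSIBILITY_SERVICE":
                found.add("accessibility_service")

    # Dynamic code loading is not visible in the manifest; look at dex string constants.
    if any(loader in s for s in dex_strings for loader in DYNAMIC_LOADERS):
        found.add("dynamic_code_loading")

    score = sum(INDICATORS[k][1] for k in found)
    return {
        "indicators": sorted(found),
        "details": [INDICATORS[k][0] for k in sorted(found)],
        "score": score,
        "verdict": "review" if score >= REVIEW_THRESHOLD else "low",
    }


# Constructed sample input: a "wallpaper" app with the full toll-fraud indicator set.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpapers">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.CHANGE_NETWORK_STATE"/>
  <application>
    <receiver android:name=".SmsReceiver" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <service android:name=".NotifService"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""
SUSPICIOUS_DEX_STRINGS = ["Ldalvik/system/DexClassLoader;", "loadClass",
                          "Lcom/example/wallpapers/MainActivity;"]

# Constructed benign counterpart: only the INTERNET permission, no privileged components.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><activity android:name=".MainActivity"/></application>
</manifest>"""

if __name__ == "__main__":
    for label, report in (("suspicious", triage(SUSPICIOUS_MANIFEST, SUSPICIOUS_DEX_STRINGS)),
                          ("benign", triage(BENIGN_MANIFEST))):
        print(f"{label}: score={report['score']} verdict={report['verdict']}")
        for line in report["details"]:
            print("  -", line)
```

Run it against the output of a decoder such as apktool (for the manifest) and `strings classes.dex` (for the loader references). Scores are additive on purpose: any single indicator has legitimate uses, and the point of the report is that the combination of SMS access, notification listener or accessibility binding, network control and runtime-loaded code is what characterises toll fraud.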