Skip to content
Microsoft recently published a blog post that warned Android users of a new malicious malware that is going around, called the Toll Fraud malware. The concern that Microsoft raises about this malware is that it can drain the payment wallets in infected devices and empty your bank accounts.
Microsoft researchers Dimitrios Valsamaras and Sang Shin Jung detailed the continuing evolution of “toll fraud malware” and how it attacks Android devices.
The malware falls under billing fraud, “in which malicious applications subscribe users to premium services without their knowledge or consent” and “is one of the most prevalent types of Android malware.”
According to a Google transparency report, most of the installations of this malware are in India, Russia, Mexico, Indonesia, and Turkey.
How does the Toll Fraud Malware work?
What this malware does, is that it disconnects your device from WiFi and allows the device to only operate on the cellular network. It then takes over the WAP or the Wireless Application Protocol.
WAPs, typically allow consumers to subscribe to paid content and add the charge to their phone bill. Once it hijacks the WAP, the malware subscribes to premium services while intercepting one-time passwords (OTP) that a legit service provider may have sent you to verify your identity.
These SMSs are then forwarded to a database, which malicious hackers and actors can use to hack into various accounts that you own, even your bank accounts.
The Toll Fraud malware is one of the oldest in existence and has been going around since dial-up internet. However, over the decades, it has evolved into something very sophisticated.
The current malware version can evade detection and achieve a high number of installations before a single variant can be removed. It uses dynamic code loading, which makes it difficult for real mobile security solutions and antiviruses to detect threats.
It also suppresses SMS notifications and app notifications from wallets and dedicated banks. This way, by the time a user gets to know that their device has been infected, it is very late.
How do Android devices get infected by the Toll Fraud malware?
Not all apps on the Play Store are legit. Most free antiviruses, file managers, beauty filters, and wallpaper apps have some malware embedded in them.
The biggest red flag that such apps throw up is asking for bizarre permissions. For example, a camera app requesting permission to send or read SMSs makes no sense. Or, a wallpaper app asking for permissions to read notifications and monitor them again makes no sense. People often ignore what sort of permissions certain apps ask for.
How to protect yourself from Toll Fraud malware?
Users need to be very careful of the apps they download, even if they do it through the Play Store. Also, avoid sideloading apps.
Avoid installing apps that require excessive permissions for programs that don’t need such privileges. Also, avoid apps that have similar UIs or icons to that of legitimate proper apps.
Keep an eye on the developer profiles that look fake or have poor grammar and if the app has a slew of bad reviews.
