Microsoft warns Android users about billing fraud malware
Microsoft has issued a warning to Android users about malware that purchases premium subscriptions online without their knowledge. According to a report, Microsoft researchers have detailed “toll fraud malware” and the way it attacks Android users and their devices.
HIGHLIGHTS
- Android users and their devices are being attacked by toll fraud malware
- Toll fraud works through the Wireless Application Protocol (WAP)
- Researchers advise against sideloading apps that are not found on the Google Play Store
Researchers Dimitrios Valsamaras and Song Shin Jung place the malware in the billing fraud subcategory, in which malicious apps subscribe users to premium services without their knowledge. This malware is considered one of the most prevalent types of Android malware. Toll fraud does not work via SMS or calls; it relies on the Wireless Application Protocol (WAP), which charges the purchase to the user’s phone bill. It does not work over Wi-Fi, and in several cases the malware apps try to disconnect people from Wi-Fi to force them onto the cellular network.
According to Microsoft, the unwarranted subscription starts with the user beginning a session with the service provider over a cellular network. Once the user is on the network, they are directed to the website that offers the subscription service. At times an OTP (one-time password) is needed to verify the user’s identity, but the malicious apps find a way to hide the OTP from the user.
In the report, Microsoft says it classifies a subscription as fraudulent when it takes place without the user’s consent. These are the steps toll fraud malware performs to subscribe users to unwanted services:
1. Disable the Wi-Fi connection or wait for the user to switch to cellular data
2. Silently navigate to the subscription page
3. Auto-click the subscription button
4. Intercept the OTP (if applicable)
5. Send the OTP to the service provider
6. Cancel SMS notifications (if applicable)
Before these steps, the malware tries to identify the subscriber’s country and mobile network through MCCs (mobile country codes) and MNCs (mobile network codes). This is done to target users in a specific country or region.
To stay safe, the Microsoft researchers say there are common characteristics that users should look for on the Google Play Store. Apps that ask for several permissions may be a red flag. Other warning signs are apps that use similar UI or icons, fake developer profiles with poor grammar, and bad reviews. Android users should check for these things before downloading apps from the Google Play Store.
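The permission red flag and the steps listed above can be combined into a simple triage check. The following is an added example, not code from Microsoft's report: it reads a decoded, text-form AndroidManifest.xml and flags apps that can both control Wi-Fi and reach SMS or notifications. The mapping from steps to permissions is this example's assumption, and the sample manifests and package names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping (this example's heuristic, not from Microsoft's report)
# from the listed steps to Android permissions that would enable them.
STEP_PERMISSIONS = {
    "disable Wi-Fi": {"android.permission.CHANGE_WIFI_STATE"},
    "intercept OTP via SMS": {"android.permission.RECEIVE_SMS",
                              "android.permission.READ_SMS"},
    "read or cancel notifications": {
        "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"},
}

def toll_fraud_indicators(manifest_xml):
    """Map each listed step to the declared permissions that could support it."""
    root = ET.fromstring(manifest_xml)
    declared = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # A notification listener is a <service> guarded by android:permission.
    declared |= {e.get(ANDROID_NS + "permission") for e in root.iter("service")}
    declared.discard(None)
    hits = {step: sorted(perms & declared)
            for step, perms in STEP_PERMISSIONS.items()}
    return {step: found for step, found in hits.items() if found}

def needs_review(manifest_xml):
    """Flag the combination only: Wi-Fi control plus a way to reach the OTP."""
    hits = toll_fraud_indicators(manifest_xml)
    return "disable Wi-Fi" in hits and len(hits) >= 2

# Constructed sample manifests (hypothetical package names).
_HEAD = ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
         'package="{pkg}">')
SUSPECT = _HEAD.format(pkg="com.example.wallpaper") + """
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application><service android:name=".Listener"
    android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application></manifest>"""
BENIGN = _HEAD.format(pkg="com.example.wifitool") + """
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
</manifest>"""

if __name__ == "__main__":
    for name, doc in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, needs_review(doc), toll_fraud_indicators(doc))
```

A hit means the app deserves a closer look, not that it is malicious: legitimate apps can declare each of these permissions for ordinary reasons.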
If a user has downloaded such a malicious app, signs like fast battery drain, connectivity problems (especially loss of Wi-Fi signal), or the device heating up more than usual are clear indications that the app should be uninstalled and all the data deleted. The researchers also discourage sideloading apps that users cannot find on the Google Play Store, as that may increase the danger.