Android users are being targeted by malware that signs them up for premium subscription services they did not want or subscribe to, according to a blog post from Microsoft Security.
In the report, Microsoft researchers Dimitrios Valsamaras and Sang Shin Jung detail the continuing evolution of “toll fraud malware” and the ways it attacks Android users and their devices. According to the pair, toll fraud malware falls into a subcategory of billing fraud “where malicious apps engage users in premium services without their knowledge or consent” and “is one of the most prevalent types of Android malware.”
The fraud works over the Wireless Application Protocol (WAP), which allows consumers to subscribe to paid content and add the charges to their phone bill. Since this attack relies on a cellular network to do the dirty work, the malware might disconnect you from your Wi-Fi network or use other means to force you onto the cellular network. While connected to the cellular network, the malware will start subscribing to premium services while masking any one-time passwords (OTP) sent to verify your identity. This is to keep targets in the dark so they don’t unsubscribe.
The evolution of toll fraud malware since its telephone days poses a serious threat, the researchers warn. The malware can leave victims with large mobile phone bills. In addition, affected devices are at increased risk because the malware is able to evade detection and can achieve a large number of installations before a single variant is removed.
How did this malware end up on my device in the first place?
This type of attack starts when the user downloads an application from the Google Play Store in which the malware is hidden. These Trojan apps are usually listed in popular app store categories such as Personalization (background and lock screen apps), Beauty, Editor, Communication (messaging and chat apps), Photography, and Tools (such as cleaner and fake antivirus apps). The researchers say that these apps will ask for permissions that don’t make sense for what the app does (for example, a camera or wallpaper app that requests SMS or notification listening privileges).
These apps are intended to be downloaded by as many people as possible. Valsamaras and Shin Jung have identified some common ways attackers will try to keep their app on the Google Play Store:
Upload clean versions so the app gets enough installs.
Update the application to dynamically load malicious code.
Separate the malicious flow from the uploaded application to remain undetected for as long as possible.
What can I do to protect against malware?
Valsamaras and Shin Jung say that potential malware in the Google Play Store has common characteristics that one can look for before downloading any app. As mentioned above, some applications will request excessive permissions for programs that do not require such privileges. Other characteristics to look for are apps with similar user interfaces or icons, developer profiles that look fake or have bad grammar, and whether the app has a large number of bad reviews.
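The permission mismatch described above can be checked mechanically once an app's manifest has been decoded to XML. The following is an added example, not code from the Microsoft report: the category list (a subset of the categories named above, leaving out Communication because messaging apps legitimately read SMS), the function name and the sample manifest are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions tied to the behaviours the article describes.
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
NETWORK_PERMS = {"android.permission.CHANGE_WIFI_STATE",
                 "android.permission.CHANGE_NETWORK_STATE"}
NOTIF_LISTENER = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"

# Assumption: categories from the article that have no need to read SMS or
# notifications. Communication is left out because messaging apps do.
NO_MESSAGING_NEED = {"personalization", "beauty", "editor", "photography", "tools"}

def audit_manifest(manifest_xml, category):
    """Return a list of findings for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # A notification listener is a <service> guarded by the BIND_ permission.
    listens = any(s.get(ANDROID_NS + "permission") == NOTIF_LISTENER
                  for s in root.iter("service"))
    findings = []
    if category.lower() in NO_MESSAGING_NEED:
        for perm in sorted(requested & SMS_PERMS):
            findings.append(f"{perm} requested by a {category} app")
        if listens:
            findings.append(f"notification listener declared by a {category} app")
    # Access to OTP messages plus control of the network path is the
    # combination the article associates with toll fraud.
    if (requested & SMS_PERMS or listens) and requested & NETWORK_PERMS:
        findings.append("can read OTP messages and switch network state")
    return findings

# Constructed sample manifest for a hypothetical wallpaper app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
  <application>
    <service android:name=".Listener"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE, "Personalization"):
        print("FLAG:", finding)
```

A finding here is a reason to look more closely at the app, not proof that it is malicious.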
If you think you have already downloaded a potential malware application, some common signs include rapid battery drain, connection issues, constant overheating, or the device running much slower than usual.
The pair also warned not to download any apps that you can’t officially get on the Google Play Store, as this could increase the risk of infection. Their findings showed that phishing malware accounted for 34.8% of “potentially malicious applications” (PHA) installed from the Google Play Store in the first quarter of 2022, second only to spyware.
Google’s Transparency Report says most of the installations originated from India, Russia, Mexico, Indonesia and Turkey.