This Android malware switches off Wi-Fi and drain mobile wallet


New Delhi, Jul 2 (IANS): Microsoft has alerted users of "toll fraud" malware on Android that can drain your mobile wallet by switching off Wi-Fi connection.

Compared to other subcategories of billing fraud, which include SMS fraud and call fraud, toll fraud has unique behaviours.

According to Microsoft 365 Defender research team, whereas SMS fraud or call fraud use a simple attack flow to send messages or calls to a premium number, toll fraud has a complex multi-step attack flow that malware developers continue to improve.

"For example, we saw new capabilities related to how this threat targets users of specific network operators. It performs its routines only if the device is subscribed to any of its target network operators," warned the company.

It also, by default, uses cellular connection for its activities and forces devices to connect to the mobile network even if a Wi-Fi connection is available.

Once the connection to a target network is confirmed, it stealthily initiates a fraudulent subscription and confirms it without the user's consent, in some cases even intercepting the one-time password (OTP) to do so.

"It then suppresses SMS notifications related to the subscription to prevent the user from becoming aware of the fraudulent transaction and unsubscribing from the service," Microsoft explained.

Another unique behaviour of toll fraud malware is its use of dynamic code loading, which makes it difficult for mobile security solutions to detect threats.

Despite this evasion technique, the team identified characteristics that can be used to filter and detect this threat.

"We also see adjustments in Android API restrictions and Google Play Store publishing policy that can help mitigate this threat," said the company.

"A rule of thumb is to avoid installing Android applications from untrusted sources (sideloading) and always follow up with device updates," Microsoft advised.

"Avoid granting SMS permissions, notification listener access, or accessibility access to any applications without a strong understanding of why the application needs it," it added.

 

  

Top Stories


Leave a Comment

Title: This Android malware switches off Wi-Fi and drain mobile wallet



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.