A recent report from Microsoft Security claims that malware is targeting Android users and signing them up for pricey premium services they didn’t ask for or subscribe to.
The malware adds these fees to the victim’s monthly telecom bill, leaving the victim to pay for them.
These payments are typically made without hesitation because no one wants their phone to be disconnected, although many victims don’t even bother to check their phone bills each month.
The malware may disconnect you from Wi-Fi or employ other techniques to force you onto your cellular network because this attack uses a cellular network to carry out its dirty work.
The malware begins the process of subscribing to premium services once a connection to a cellular network is established and will even steal a one-time password (OTP) sent to verify your identity.
To prevent the victim from canceling their subscription, any notification that would otherwise be sent to confirm their subscription to a service is suppressed.
The attackers want to spread their apps to as many phones as they can while keeping them listed in the Google Play Store for as long as possible.
Typically, these apps are categorized under well-known subcategories like personalization (wallpaper and lock screen apps), editor, communication (messaging and chat apps), photography, and tools (like cleaner and fake antivirus apps).
These apps request a large number of permissions, some of which are unnecessary for what the app claims to do. For instance, a malicious wallpaper app might request access to your SMS apps. That is not a permission that a program like that would typically require.
These malicious apps frequently have similar UIs, icon sets, and button layouts. Look for fake developer names and email addresses in the developer profile. Watch out for poor grammar and spelling in the listing.
Refrain from sideloading apps
The result of this malware is that victims end up paying significantly higher mobile invoices because they are charged for premium services they did not authorize.
Additionally, a sizable number of these apps could be installed before the attack is identified because they can avoid detection.
This malware falls under the toll fraud category, which in the first quarter of 2022 accounted for 34.8% of installed “Potentially Harmful Applications” (PHA) from the Google Play Store, second only to spyware.
If there’s anything we can advise, it’s to avoid sideloading apps onto your Android device, even though Google permits it. When you sideload an app, you install it from an unreliable app store.
For instance, sideloading occurs whenever you install a third-party app on your Android device that wasn’t obtained from the Google Play Store.
Look for signs that you have downloaded a malicious app. These warning signs include rapid battery depletion, connectivity problems, a constantly overheating phone, and sluggish performance. Watch out for a lot of pop-up advertisements.
Additionally, double-check your monthly mobile bill and look for charges for services you don’t recall signing up for. You need to get in touch with your carrier right away if you notice any of these warning signs.
Remember that it’s unlikely that your carrier will refund your money once you’ve fallen victim to this trap. Therefore, it is better for you if you can realize that you have been duped as soon as possible.