Watch out for malware that hacks and drains your wallet


Microsoft warns of new 'toll fraud' malware in apps that can force off your WiFi and steal from your bank account

by CyberGuy Staff

If you haven’t yet heard of toll fraud malware, it’s one of the most rapidly evolving types of billing fraud, and it continues to attack Android phones.

The latest toll fraud malware is coming from apps on the Google Play Store that look legitimate. Instead, they have harmful tech behind them that can subscribe you to premium services you never intended to pay for.

Here’s how to watch out for this malware and protect yourself – especially if you have an Android device.

 

[Image: Android toll fraud malware]

 

How do you become a victim of ‘toll fraud’?

Not every application on the Google Play Store is safe. While Google tries to use security measures to check apps for potential malware, the way these apps harm your device is sneaky.

First, a user downloads an app from the Google Play Store because it may seem like a normal, safe application. The problem is that the dangerous apps are able to update themselves once downloaded on your device, and the updated version of the app may contain malware that has now bypassed the Google Play Store’s security scans.

What does ‘toll fraud’ malware do to your device?

The dangerous app is now able to prompt the user to click additional links, and it will even turn off WiFi and use your cellular data to sign you up for unwanted services.

These malicious app updates use Wireless Application Protocol (WAP) to sign you up for the services. Microsoft has broken down the steps the malware takes, sometimes using a one-time password (OTP), to trick the user into subscribing to services.

Here is the process for this toll fraud malware:

  1. Disable the Wi-Fi connection or wait for the user to switch to a mobile network
  2. Silently navigate to the subscription page
  3. Auto-click the subscription button
  4. Intercept the OTP (if applicable)
  5. Send the OTP to the service provider (if applicable)
  6. Cancel the SMS notifications (if applicable)
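
The steps above leave traces in what an app asks Android for. The following added example (not from the article or from Microsoft) checks a decoded AndroidManifest.xml for permissions that match those steps; the step-to-permission mapping, the sample manifest and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the steps listed above to real Android permissions
# an app would need to perform them (the article itself names none).
STEP_PERMISSIONS = {
    "disable Wi-Fi": {"android.permission.CHANGE_WIFI_STATE"},
    "intercept OTP": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
    "cancel notifications": {"android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"},
}

# Constructed sample manifest for a hypothetical wallpaper app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpapers">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".Listener"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

def declared_permissions(manifest_xml):
    """Collect permissions requested by the app or bound to its services."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # A notification listener is declared on a <service>, not via <uses-permission>.
    perms |= {e.get(ANDROID_NS + "permission") for e in root.iter("service")}
    perms.discard(None)
    return perms

def triage(manifest_xml):
    """Map declared permissions to the listed steps and flag risky combinations."""
    perms = declared_permissions(manifest_xml)
    steps = {s: sorted(perms & need) for s, need in STEP_PERMISSIONS.items() if perms & need}
    # Wi-Fi control combined with OTP or notification access deserves manual review.
    review = "disable Wi-Fi" in steps and len(steps) > 1
    return {"steps": steps, "review": review}

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

A flagged app is not necessarily malicious; the result only says the permission set is broader than a wallpaper or utility app normally needs and is worth a closer look.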

 

Why this malware is considered billing fraud

Microsoft classifies a subscription as fraudulent when it takes place without a user’s consent. These hackers are able to subscribe you to premium services, eventually stealing money from your digital wallet or even making large charges directly to your cellular bill.

 

How do you prevent yourself from being attacked by toll fraud malware?

Make sure you follow these steps, especially if you are an Android user, so you don’t become a victim of toll fraud malware.

1. Make sure apps are legitimate before downloading

Always do your own research before downloading an app. Double-check the app’s developer (e.g., the Facebook app should come from Meta Platforms, Inc.) to confirm it is a real application. Also read reviews, both good and bad, to see if anyone has encountered problems previously.

2. Update your device regularly

Android, Google, Samsung, Apple, and any other company behind your most-used devices regularly run tests and learn about new security flaws. When you ignore those “update your device” prompts, there’s a chance you’ll miss the software updates that tackle the latest security flaws.  Always keep your iOS or Android software up to date.

3. Use antivirus software

Antivirus software isn’t just for computers. TotalAV total protection can also protect cell phones and tablets, making it harder for hackers to get into your device. Software updates won’t catch every type of malware as hackers are constantly changing their tech, so make sure you’re always protected.

 

Install good security protection on all of your devices for the best protection. My top pick is TotalAV (limited-time deal: $19 your first year, 80% off). More in my review: Best Antivirus Protection in 2022.

 


12 comments

Martha August 15, 2022 - 8:19 am

My grandson is using an app where he scans receipts for him to earn money. A penny or so per receipt. I am concerned this is malware. Has anyone heard of this?

Kurt Knutsson August 19, 2022 - 3:56 pm

Hi Martha, not quite sure which app you’re referring to, but we have covered a number of apps in this article: 6 new apps for saving money while you shop, and thus far, there have been no reports of any malware associated with these apps.

