Microsoft has warned of malware called ‘toll fraud’ which is targeted at Android users via the Google Play Store. The company has described the malware as one disguised as normal apps on the Google Play Store, once installed, it drains the wallets of unsuspecting users. Microsoft further explains that toll fraud malware is a subcategory of billing fraud in which users are subscribed to premium services of the malicious applications without their knowledge or consent.
This toll fraud malware is a type of malware that has been identified to be one of the most prevalent types targeted at Android users. Compared to other subcategories of billing fraud, which can occur as SMS fraud and call fraud, toll fraud exhibits more unique behaviours. Over the years this type of malware has continued to evolve thereby utilizing various approaches and social engineering. While SMS fraud or call fraud utilizes a simple attack flow to send messages or place calls to user numbers, toll fraud utilises a more complex approach, with multiple flows of steps that malware developers continue to identify and improve.
Microsoft explains how the malware operates in a blog saying, ”We saw new capabilities related to how this threat targets users of specific network operators. It performs its routines only if the device is subscribed to any of its target network operators. It also, by default, uses the cellular connection for its activities and forces devices to connect to the mobile network even if a Wi-Fi connection is available.” The blog post further explains that “Once the connection to a target network is confirmed, it stealthily initiates a fraudulent subscription and confirms it without the user’s consent, in some cases even intercepting the one-time password (OTP) to do so. It then suppresses SMS notifications related to the subscription to prevent the user from becoming aware of the fraudulent transaction and unsubscribing from the service,” the company added.
Microsoft has identified possible ways this malware gets on phones of Android users.
This attack starts by downloading apps the malware is disguised as in the Google Play Store.
These trojan apps are usually listed in popular categories in the app store such as personalization (wallpaper and lock screen apps), beauty, editor, communication (messaging and chat apps), photography, and tools (like cleaner and fake antivirus apps).
The researchers say that these apps will ask for permissions that don’t make sense for what is being done (i.e. a camera or wallpaper app asking for SMS or notification listening privileges).
How to keep your device secured and stay from the malware
Microsoft has identified high financial loss as the main impact of the toll fraud malware. This is a result of its sophisticated cloaking techniques, that said, prevention from the side of the user plays a key role in keeping the device secure. According to researchers and cyber security experts,, avoiding the installing of Android applications from untrusted/ unverified sources and always following up with device updates. It also recommends that end-users take these steps to protect themselves from toll fraud malware:
Install applications only from the Google Play Store or other trusted sources.
Avoid granting SMS permissions, notification listener access, or accessibility access to any applications without a strong understanding of why the application needs it. These are powerful permissions that are not commonly needed.
Use a solution such as Microsoft Defender for Endpoint on Android to detect malicious applications.
If a device is no longer receiving updates, strongly consider replacing it with a new device.
About a month ago, Microsoft announced the release of the extended protection of its security product called Microsoft Defender. The security product is aimed at helping simplify personal device security and would have the ability to bring together various security elements right on a single dashboard. The Microsoft Defender antivirus product was initially built into Windows 10 and 11 primarily but it is now available to protect a wide range of devices, not just PCs running on Windows, macOS, iOS, and Android. Microsoft Defender for individuals is designed to protect devices and offers security tips that bridge any security gaps that may arise.
Olagoke Ajibola is a creative writer and content producer with an eye for details and excellence. He has a demonstrated history of telling stories for TV, Film and Online. Aside from being fascinated by the power of imagination, his other interest are travel, sport, reading and meeting people.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
