
Nasty Android bug secretly subscribes you to paid apps — how to avoid it - Laptop Mag

https://ift.tt/BSYD8ni

There's a nasty Android bug on the loose, according to the Microsoft 365 Defender Research Team, and it can drain your bank account for months if you're not cognizant of its presence. The vulnerability, called toll fraud malware, facilitates billing fraud, allowing malicious actors to secretly sign you up for paid services on your behalf.

It gets worse! Sometimes, companies send text messages to subscribers to confirm payment, right? However, with this ugly Android bug, cybercriminals can suppress those text messages, ensuring that victims have no idea what's going on behind their back.

How toll fraud malware works

So how do malicious actors get you to sign up for subscriptions without your consent? They take advantage of a mechanism called Wireless Application Protocol billing, which sends charges directly to consumers' phone bills after they've made a purchase (e.g., HBO Max).

They also disable victims' Wi-Fi because toll fraud malware requires a cellular connection to be successful. According to the Microsoft 365 Defender Research Team, threat actors target users of specific network operators. "Once the connection to a target network is confirmed, it stealthily initiates a fraudulent subscription and confirms it without the user's consent," the researchers said.

Toll fraud malware can even intercept one-time passwords (OTPs) that are often sent to subscribers to verify paid services. Some providers don't roll out OTPs, which means hackers can subscribe to apps on victims' behalf with just one click.

As mentioned, even text messages about the new subscription enrollment get thwarted. "By having access to the notification listener service, the malware can [...] remove the notification."

Now, the victim has no idea that they've been signed up for unwanted premium services until they check their monthly phone bill. Among those who pay without looking, this deceptive scheme can go on for months — even years.

How to avoid it

This nasty Android bug can end up on your phone if you unwittingly download an inauthentic, malware-injected app masquerading as a legitimate platform in the Google Play Store. These apps often pretend to be "cleaners" (e.g., phony antivirus apps), photography apps, chat and messaging platforms, and personalization apps.

How do you know if an app is fake? If it's asking for permission to utilize a function that doesn't align with its purpose, something's up (e.g., a "photography app" asking for SMS privileges).
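
As an added illustration (not code from the article or from Microsoft's report), the permission-mismatch check described above can be run against an app's AndroidManifest.xml. The permission-to-behaviour mapping, the category labels and the sample manifest are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permissions that line up with behaviours the article describes.
# The mapping is this example's assumption, not a list from the report.
RISKY = {
    "android.permission.RECEIVE_SMS": "read incoming SMS (OTP interception)",
    "android.permission.READ_SMS": "read stored SMS (OTP interception)",
    "android.permission.CHANGE_WIFI_STATE": "toggle Wi-Fi (force cellular)",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE":
        "read and dismiss notifications (hide billing alerts)",
}

# Hypothetical category labels and the risky permissions each plausibly needs.
EXPECTED = {
    "messaging": {"android.permission.RECEIVE_SMS",
                  "android.permission.READ_SMS"},
}

# Constructed sample: a "photography" app asking for far more than a camera.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.photofilter">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
  <application>
    <service android:name=".Listener"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>
"""

def audit_manifest(manifest_xml, category):
    """Return risky permissions that do not fit the app's stated category."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # A notification listener is declared as a <service> guarded by a permission.
    requested |= {s.get(ANDROID_NS + "permission") for s in root.iter("service")}
    allowed = EXPECTED.get(category, set())
    return sorted(p for p in requested if p in RISKY and p not in allowed)

if __name__ == "__main__":
    for perm in audit_manifest(SAMPLE_MANIFEST, "photography"):
        print(f"mismatch: {perm} -> {RISKY[perm]}")
```
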

Toll fraud malware isn't new, but Microsoft warns that it continues to evolve. It's worth noting that this vulnerability only affects users with phones that run Android 9.0 or older. As such, simply updating your device should suffice. If you can't run any updates on it, check out our best mobile security apps page.




"Android" - Google News
July 06, 2022 at 11:23PM
https://ift.tt/U9XIsor
