"Toll Fraud Malware Turns Off Wi-Fi And Pushes Premium Subscriptions"

Toll fraud malware, one of the most common Android risks, is gaining capabilities that automate subscription to premium services, according to a Microsoft warning. In toll fraud, a subset of billing fraud, the threat actor tricks victims into calling or texting a premium number. Toll fraud requires a mobile operator's network connection because it cannot operate over Wi-Fi. Microsoft has provided technical information on how Android users can protect themselves from toll fraud malware. Toll fraud is carried out using the Wireless Application Protocol (WAP), which allows customers to subscribe to premium content and charge the fee to their phone bill. To subscribe, the consumer must be connected via the mobile network and click a subscription button. In addition, some services request that users confirm their choice by sending a one-time password (OTP). The malware that facilitates toll fraud initiates the fraudulent subscription, intercepts OTPs, and suppresses the notifications that would otherwise alert the victim. Toll fraud malware authors often include features that make the harmful activity as covert as possible. One option is to keep the infection dormant if the infected device's mobile network is not on the malware's list of targeted networks. Another approach is to use dynamic code loading, which allows some code to load only under certain conditions. This makes detecting the infection more difficult, especially when using static analysis. This article continues to discuss the phases, process, capabilities, and mitigation of toll fraud malware.
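The following added example, which is not from Microsoft or CyberIntelMag, shows a static triage pass for the behaviours summarized above and why dynamic code loading weakens such a pass. The mapping of behaviours to Android permissions and API references, the function name triage, and the sample inputs are assumptions made for this example.

```python
# Behaviour-to-identifier mapping is this example's assumption, not from the article.
BEHAVIOURS = {
    "forces_mobile_data": ("android.permission.CHANGE_WIFI_STATE",
                           "WifiManager;->setWifiEnabled",
                           "ConnectivityManager;->requestNetwork"),
    "reads_sms_otp": ("android.permission.RECEIVE_SMS",
                      "android.permission.READ_SMS"),
    "hides_notifications": (
        "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
        "NotificationListenerService;->cancelNotification",
        "NotificationListenerService;->cancelAllNotifications"),
    "checks_operator": ("TelephonyManager;->getSimOperator",
                        "TelephonyManager;->getNetworkOperator"),
    "loads_code_dynamically": ("DexClassLoader",),  # also matches InMemoryDexClassLoader
}

def triage(artifacts):
    """Classify strings taken from an app's manifest and dex method references."""
    hits = {name: sorted({a for a in artifacts if any(m in a for m in markers)})
            for name, markers in BEHAVIOURS.items()}
    found = {name for name, matched in hits.items() if matched}
    # A WAP subscription needs the cellular path plus a way to confirm or hide it.
    if "forces_mobile_data" in found and found & {"reads_sms_otp", "hides_notifications"}:
        verdict = "review: toll-fraud behaviour combination"
    elif "loads_code_dynamically" in found:
        # The caveat from the text: the payload may be absent from the static view.
        verdict = "inconclusive: code is loaded at runtime, analyse dynamically"
    else:
        verdict = "no toll-fraud combination seen"
    return {"verdict": verdict, "behaviours": sorted(found), "hits": hits}

# Constructed inputs (not taken from any real sample).
SAMPLE_FULL = [
    "android.permission.CHANGE_WIFI_STATE",
    "android.permission.RECEIVE_SMS",
    "Landroid/net/wifi/WifiManager;->setWifiEnabled(Z)Z",
    "Landroid/service/notification/NotificationListenerService;->cancelAllNotifications()V",
    "Landroid/telephony/TelephonyManager;->getSimOperator()Ljava/lang/String;",
]
SAMPLE_DROPPER = [
    "android.permission.INTERNET",
    "Landroid/telephony/TelephonyManager;->getNetworkOperator()Ljava/lang/String;",
    "Ldalvik/system/DexClassLoader;-><init>(Ljava/lang/String;)V",
]
SAMPLE_BENIGN = ["android.permission.INTERNET", "android.permission.CAMERA"]
if __name__ == "__main__":
    for label, sample in (("full", SAMPLE_FULL), ("dropper", SAMPLE_DROPPER)):
        print(label, "->", triage(sample)["verdict"])
```

The "review" verdict is a prompt for manual analysis, since legitimate apps can also hold these permissions; the "inconclusive" verdict marks the case where the static view alone cannot clear the app.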

CyberIntelMag reports "Toll Fraud Malware Turns Off Wi-Fi And Pushes Premium Subscriptions"

Submitted by Anonymous on