Anyone with an Android phone in their pocket needs to be on high alert if they want to avoid becoming a victim of a costly new attack. The new warning has come directly from the team at Microsoft’s 365 Defender Research division who say they have spotted the resurgence of nasty threats called toll fraud malware.
These vicious bugs have the ability to sign unsuspecting users up for hugely expensive subscription plans without them ever knowing or agreeing to the payments. Microsoft says that this type of billing fraud is one of the most prevalent types of Android malware – and it continues to evolve at an alarming rate.
This type of threat was first discovered back in 2017, when cyber thieves used the infamous Joker malware to attack devices and secretly sign people up to small monthly payments, which the criminals hope go unnoticed.
Things have advanced significantly since then with hackers now using a number of new tactics to infiltrate devices and even avoid in-built security.
Microsoft says that some attacks have the ability to intercept one-time passwords that are sent out to users to make sure things stay secure and even suppress SMS notifications related to the subscription. This means the Android owner won’t receive alerts explaining that they’ve been signed up for something new and how much it’s costing each month.
“By subscribing users to premium services, this malware can lead to victims receiving significant mobile bill charges,” Microsoft explained in a blog post. “Affected devices also have increased risk because this threat manages to evade detection and can achieve a high number of installations before a single variant gets removed.”
It’s clearly a growing problem with those who don’t pay close attention to their monthly outgoings at risk of losing hundreds of pounds a year.
To help Android users beat the crooks, Microsoft has now issued some important advice, which includes being on high alert whenever installing apps onto their devices.
In fact, Microsoft says that Android owners should only download applications from Google’s Play Store or other trusted sources and should avoid installing anything that’s sent via a text or email as these could be scams.
It’s also a good idea to avoid granting SMS permissions, notification listener access, or accessibility access to any applications without a strong understanding of why the application needs it. These are powerful permissions that are not commonly needed.
Installing additional security software is also a good idea, and it’s important to make sure the device has been updated with the latest security upgrades.
Microsoft even warns that if a phone is so old it no longer gets operating system updates then it’s a good idea to buy something new.
“Toll fraud is one of the most common malware categories with high financial loss as its main impact,” said the US tech firm. “Due to its sophisticated cloaking techniques, prevention from the side of the user plays a key role in keeping the device secure. A rule of thumb is to avoid installing Android applications from untrusted sources (sideloading) and always follow up with device updates.”