Microsoft warns about Android malware that could secretly steal your money

Android malware code
(Image credit: Jay Bonggolto / Android Central)

What you need to know

  • Microsoft has issued a warning to Android users about toll fraud malware that is constantly evolving.
  • This type of malware subscribes unsuspecting users to premium services without their knowledge.
  • Hefty subscription fees will then be charged on your monthly phone bill with no consent.

Microsoft has warned Android users that still use older versions of the operating system about an evolving malware that can empty their wallet without their knowledge.

Microsoft's 365 Defender team has shared their findings (opens in new tab) about toll fraud malware, a type of billing fraud designed to sign you up for unwanted premium services without your consent. According to the researchers, it is one of the most dangerous types of malware because it is constantly evolving.

The team said that toll fraud malware abuses a billing mechanism called Wireless Application Protocol (WAP) to attack Android users. Legitimate apps use WAP to charge users for paid content through their mobile phone bill.

However, the toll fraud malware automatically enrolls you in premium services without your knowledge. Because it relies on cellular networks to function, it begins the attack once you are disconnected from a Wi-Fi network. When you're connected to a mobile network, the malware opens the subscription page in question and subscribes to a service on your behalf. It will then read an OTP (one-time password), if any, and fill out the necessary fields to complete the subscription process. Attackers are able to hide this activity by disabling SMS notifications.

This malware poses a number of risks, chief among them being the hefty charges on your monthly phone bill. Worse, the toll fraud malware is designed to avoid detection.

Microsoft says toll fraud malware hides behind apps that appear to be legitimate but are designed to request permissions beyond what their functions require. A camera app that requests SMS permissions is a common example.

The researchers noted that this malware targets Android phones running Android 9 and older versions. This means you're safe if you're running Android 10 or higher, but it still pays to use some of the best Antivirus apps for Android for extra protection. More importantly, Microsoft reminds users not to install apps from untrusted sources.

Jay Bonggolto
News Writer

Jay Bonggolto always keeps a nose for news. He has been writing about consumer tech and apps for as long as he can remember, and he has used a variety of Android phones since falling in love with Jelly Bean. Send him a direct message via Twitter or LinkedIn.