Android malware found to sign victims up for paid subscriptions without their knowledge

The Microsoft 365 Defense team says there is an increasingly popular type of malware that can subscribe victims to premium services without their knowledge. The attack is quite sophisticated, and the malware has to perform quite a few steps. Apps that harbor this malware are often classified as “toll fraud” and use “dynamic code loading” to carry out the attack.

In short, the malware subscribes the victim to a premium service that is charged to the carrier’s monthly bill, forcing unsuspecting victims to pay. The malware only works by exploiting the so-called WAP (Wireless Application Protocol) used by cellular networks. That’s why some forms of the malware disable the phone’s Wi-Fi or wait until the phone is outside Wi-Fi coverage before activating.

This is where the aforementioned dynamic code loading comes into play. Then, in the background, the malware will issue instructions to subscribe to the service, read the OTP (one-time confirmation password) you may have received before subscribing, automatically fill in the OTP fields, and hide the notification to cover its tracks.

The good news is that the malware mostly spreads outside of Google’s official app store due to Google’s policy that restricts apps from using dynamic code loading. So be careful when using your phone and try to avoid sideloading Android apps.
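The behaviours described above leave traces in an app's manifest and code, so a sideloaded APK can be triaged before it is installed. The following is an added example, not code from the Microsoft report: it assumes the manifest has already been decoded to text and that the class references have been dumped from the DEX file, and the sample manifests, package names and string lists are constructed.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Behaviour named in the article -> manifest permissions that enable it.
PERMISSION_SIGNALS = {
    "can switch Wi-Fi off": {"android.permission.CHANGE_WIFI_STATE"},
    "can read SMS (OTP)": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"},
}
LISTENER = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
LOADERS = ("Ldalvik/system/DexClassLoader;", "Ldalvik/system/InMemoryDexClassLoader;")

def triage(manifest_xml, dex_strings):
    """Return the toll-fraud-relevant capabilities an app declares."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(NS + "name") for e in root.iter("uses-permission")}
    found = [label for label, wanted in PERMISSION_SIGNALS.items() if perms & wanted]
    # A notification listener is a <service> guarded by this permission.
    if any(s.get(NS + "permission") == LISTENER for s in root.iter("service")):
        found.append("can read and dismiss notifications")
    if any(s in LOADERS for s in dex_strings):
        found.append("loads code dynamically")
    return found

def needs_review(found):
    # No single capability is malicious; flag dynamic loading plus two others.
    return "loads code dynamically" in found and len(found) >= 3

# Constructed samples, not taken from any real app.
SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.wallpaper">
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".Sync" android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""
SUSPECT_DEX = ["Ldalvik/system/DexClassLoader;", "Landroid/webkit/WebView;"]
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sms">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application/>
</manifest>"""
BENIGN_DEX = ["Landroid/telephony/SmsManager;"]

if __name__ == "__main__":
    for name, m, d in (("suspect", SUSPECT_MANIFEST, SUSPECT_DEX), ("benign", BENIGN_MANIFEST, BENIGN_DEX)):
        found = triage(m, d)
        print(name, needs_review(found), found)
```

Each capability has legitimate uses on its own, which is why the check only flags the combination; a hit is a reason to inspect the app further, not a verdict.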
