How often do you go over the details of your mobile phone bill? You might not notice unnecessary or unwanted charges if you don’t check them regularly. Not focusing on your monthly bill is something that scammers are counting on.
A few dollars here and there might not seem like much, but it can add up to a tidy sum over a few months. The scary thing about several new malware variants is they can sit dormant on your phone, disguised as regular apps.
Read on to see how these apps turn on you once malware has been activated and how to spot them.
Here’s the backstory
Microsoft is warning Android users to be vigilant when downloading mobile apps. That’s because some malicious apps sign up unsuspecting users for premium services without their knowledge.
In a blog post, Microsoft said that toll fraud malware falls under billing fraud, and it’s not always easy to detect.
Unlike other billing fraud malware, toll fraud malware uses a complex system where the creators can turn a regular app into a malicious one with the click of a button. It is also designed to target users of a specific mobile network.
“It uses the cellular connection for its activities and forces devices to connect to the mobile network even if a Wi-Fi connection is available. The malware then performs its routines only if the device is subscribed to any of its target network operators,” Microsoft explains.
Malicious code is constantly in development, but the first instance of toll fraud is traced back to the Joker malware in 2017. Even malware from today operates similarly. When the infected phone connects to a cellular network, the malware app “stealthily initiates a fraudulent subscription” to premium services.
It also confirms the subscription without your knowledge. And as Microsoft points out, in some cases, it can even intercept the one-time password (OTP) covertly.
What you can do about it
It’s challenging to spot infected Android apps. But, there are a few things that you can do to stay protected.
- Never download apps from third-party libraries. Instead, only use the official Google Play Store for all your apps.
- Just because an app is on the Google Play Store doesn’t necessarily mean it’s safe. Be on the lookout for apps that use a similar logo to other popular apps or have similar functions. Also, check reviews to see if others are warning about suspicious activity.
- Pay attention to permissions an app requests. It’s a red flag if an app wants full access to your text messages or notifications.
- If an app wants more information or access than you are comfortable with, don’t download it. It’s good to question why an app needs access to certain information if it’s unclear why.
- Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!