A new type of Android malware called “toll fraud malware” has been discovered, leading many individuals to question why they are being signed up for services that they do not want. In other words, there is malware out there that is spending users’ money without their permission. How rude!
Unlike other types of malware that are immediately noticeable to the victim (a good example is ransomware, which demands a ransom in exchange for your data), toll fraud malware completely bypasses the user and spends their money without their consent. The threat works by subscribing the user to paid content and adding charges directly to the phone bill. Sometimes it might disconnect your device from Wi-Fi to make it use more cellular data, or it will hide one-time passwords, two-factor messages, and verification messages to make sure you don’t discover it.
Toll fraud itself is not a new idea. It has existed since the days of dial-up internet connections, emerging once in a while to attack mobile phones as well. Microsoft has issued a warning that toll fraud malware has become a significant problem for a lot of users, however, so you might want to take it seriously.
We recommend that you remain aware of everything that you install on your device. You should not trust all apps on your phone, even if Google and Apple do a decent enough job of keeping malicious applications off their app stores. Just because an application appears in the store does not mean that it is safe to use.
Malware can often sneak by the algorithms by hiding in categories like wallpaper, lock screen apps, or apps claiming to improve device performance or (ironically) protect it from threats. When you install a new application on your device, you’ll be prompted to grant that application various device permissions. Be very careful with these permissions, especially if the permissions requested just don’t seem to make any sense.
We especially caution you against installing apps that aren’t found on the Google Play Store, as there is an even greater chance that the app could be malicious in nature.
At the end of the day, you just want to be as cautious as possible with your device, and if you are experiencing issues with it, then have a trained and trusted professional examine it for you. An application is not going to solve your device’s problems, and if you feel like your device is dragging its feet a bit (and maybe it is), then perhaps it’s simply time to upgrade.
Another way you can get an idea of if an app is secure is by reading the application’s description on the store, reading its reviews, and researching the developer. If something seems off, trust your gut and look at a different solution.
For any issues with your technology, know that you are not alone. To find out how we can support your technology efforts, reach out to us at (509) 534-1530.
About the author
Sam is a network engineer with a broad range of experience spanning more than 35 years. He wrote is first piece of code in 1979 and has been involved with the industry ever since. For the last 20 years, he has worked for SCW Consulting where he has embraced his passion for network technology and security.
Mobile? Grab this Article!