The devices Android are exposed to a new danger, according to what emerges from a report by Microsoft’s 365 Defender Research Teamwhich has identified a new wave of malware that can pose a major risk to users’ finances.
Classified as tariff fraud these malware aim to hit the unfortunate by going to activate subscription services that can quickly drain residual credit or even worse – in the case of non-rechargeable plans – the account connected to the telephone line, since everything happens without the user being able to notice the operations.
TARIFF FRAUD: HERE’S HOW THEY WORK
The scam in question takes advantage of the payment system present in the WAP protocol (Wireless Application Protocol) which uses the remaining credit or the user’s account to manage any subscriptions to premium content. Malware that takes advantage of this technique points to disable the Wi-Fi connection so that the infected smartphone navigates under the cellular network (otherwise it is not possible to start the subscription) and then carry out the following steps:
- They visit a specific webpage with bogus premium content in the background
- They click on the button to subscribe without the user discovering it
- They intercept any SMS with OTP to confirm the payment
- They enter the OTP code received in this way
- They cancel any notification of the OTP message
How easy it is to guess, this means that the user becomes aware of the crime only when he receives the next bill o when it will investigate the sudden disappearance of the credit, all cases in which the damage has now been done without (almost) the possibility of remedying
EYE TO THE APPS OUTSIDE THE PLAY STORE
Obviously the attack always starts from the installation of an application external to the Play Store, as Google’s rules strictly intervene on one of the tools behind the scam, namely the loading of dynamic code by an app. The advice is therefore always to avoid installing applications from sources outside the store. All the details on this mechanism can be found in Microsoft’s official post, which can be found in Source.
