Beware! This Android malware can auto-subscribe to premium services by stealing your OTP

The malware family was analysed by Microsoft's 365 Defender Research Team.

Highlights
  • The Android malware can force you to subscribe to premium services.
  • The malware directs you to a payment page without authorisation.
  • It can also intercept notifications and steal OTPs.

A class of Android malware that silently signs victims up for premium services billed through their mobile carrier has been steadily growing around the world, according to a recent report from Microsoft's 365 Defender Research Team. Microsoft classes these apps as 'toll fraud' and notes that they rely on dynamic code loading, that is, fetching and executing code at runtime that was not in the package at install time, to carry out subscriptions the user never opted into.


In effect, the malware attaches subscriptions to your phone number, and the charges appear on your carrier's monthly bill. Because the carrier sees the purchases as authorised from your own connection, the charges are hard to dispute and you are usually left liable for them.

How the toll fraud malware works

As described by Microsoft, toll fraud abuses WAP billing, a carrier payment mechanism that charges purchases to the phone bill and identifies the subscriber by the mobile network connection itself. That identification only works over the carrier's own network, so the first thing such apps do is get the device off Wi-Fi: on older Android versions they can switch Wi-Fi off directly, on newer ones they request a cellular-only network and route their traffic over it, or they simply wait until the user is on mobile data.

Once on cellular data, the malware opens the subscription page of a premium service in a hidden WebView and completes the sign-up in the background, without the user's knowledge. The code that does this is typically not in the installed APK: it is fetched and executed at runtime (dynamic code loading), which keeps it out of the package submitted for review and lets the operators change targets and behaviour without shipping an update.

On the subscription page the malware uses injected JavaScript to submit the form on your behalf. If the carrier sends a one-time password by SMS to confirm the purchase, the app reads it, either through SMS permissions or through the notification access it asked you to grant, enters it into the page, and suppresses the notification so you never see the code. The charge then lands on your carrier bill. No system exploit is involved: every capability comes from permissions the user granted at install time.
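The four indicators in the steps above (network control, an SMS or notification channel for the OTP, runtime code loading, and a scripted WebView) can be checked statically before an APK is installed. The triage script below is an added example, not code from the Microsoft report or from any malware sample; it takes a decoded text AndroidManifest.xml (a real APK stores the manifest in binary form, so it would first be decoded with a tool such as apktool) plus a list of strings extracted from classes.dex. The sample manifest and dex strings are constructed for this example, and the grouping of indicators and the verdict thresholds are my own assumptions, not a published scoring scheme.

```python
"""Static triage of an Android app for the toll-fraud indicators described above.

Heuristic only: each indicator on its own is also used by legitimate apps
(SMS clients, network tools, notification managers). The point is the combination.
"""
import xml.etree.ElementTree as ET
from typing import Dict, Iterable

# Android manifest attributes live in this namespace; element names do not.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Indicator groups (assumption: this grouping and the verdict rule are mine,
# for illustration, not a scheme taken from the Microsoft report).
NETWORK_PERMS = {
    "android.permission.CHANGE_WIFI_STATE",     # switch Wi-Fi off (older Android)
    "android.permission.CHANGE_NETWORK_STATE",  # request a cellular-only network
}
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
LISTENER_PERM = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
# Class references that appear in classes.dex when code is loaded at runtime.
DCL_MARKERS = {
    "Ldalvik/system/DexClassLoader;",
    "Ldalvik/system/InMemoryDexClassLoader;",
}

# Constructed sample: a "wallpaper" app asking for far more than wallpapers need.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaperpack">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
  <uses-permission android:name="android.permission.CHANGE_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="Wallpapers">
    <service android:name=".NotifSvc"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Constructed sample: strings as they would come out of `strings classes.dex`.
SAMPLE_DEX_STRINGS = [
    "Ldalvik/system/DexClassLoader;",
    "Landroid/webkit/WebView;",
    "addJavascriptInterface",
    "loadUrl",
]


def triage(manifest_xml: str, dex_strings: Iterable[str]) -> Dict[str, object]:
    """Return per-indicator findings and a coarse verdict for one APK."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # Notification access is not a uses-permission: it is declared on the
    # listener <service> via android:permission.
    listener = any(s.get(ANDROID_NS + "permission") == LISTENER_PERM
                   for s in root.iter("service"))
    strings = set(dex_strings)

    findings = {
        "forces_cellular": bool(perms & NETWORK_PERMS),
        "reads_sms": bool(perms & SMS_PERMS),
        "notification_listener": listener,
        "dynamic_code_loading": bool(strings & DCL_MARKERS),
        "webview_js_bridge": ("Landroid/webkit/WebView;" in strings
                              and "addJavascriptInterface" in strings),
    }
    otp_channel = findings["reads_sms"] or findings["notification_listener"]
    hidden_logic = findings["dynamic_code_loading"] or findings["webview_js_bridge"]
    groups_hit = sum([findings["forces_cellular"], otp_channel, hidden_logic])
    if groups_hit == 3:
        verdict = "high"       # all three stages of the toll-fraud chain present
    elif groups_hit == 2:
        verdict = "medium"
    else:
        verdict = "low"
    return {"findings": findings, "verdict": verdict}


if __name__ == "__main__":
    result = triage(SAMPLE_MANIFEST, SAMPLE_DEX_STRINGS)
    for name, hit in result["findings"].items():
        print(f"{name:22s} {'YES' if hit else 'no'}")
    print("verdict:", result["verdict"])
```

A medium or high verdict is a reason to look at the app dynamically (what URLs the WebView loads on mobile data, what the runtime-loaded DEX actually does), not a conviction on its own; the script deliberately reports why it scored what it did so the analyst can discount indicators that the app's stated purpose explains.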

Microsoft notes that these apps are largely distributed outside the Google Play Store, since Play's developer policies prohibit apps from downloading and executing code that was not part of the reviewed package, which takes away the trick that lets the malicious logic evade review.

So be careful with apps you install from outside the Google Play Store: they may carry malware that costs you sensitive data and money without your knowledge or approval. It is also worth reviewing which apps on your phone hold notification access or SMS permissions, since a wallpaper or utility app has no honest reason to read your one-time passwords.