If you’re an Android user, chances are you’re aware of the many advantages these phones offer, including a more affordable price tag and a headphone jack—which newer Apple iPhones infamously lack. Additional benefits include the variety of Android phones, allowing you to find one that meets your needs and budget, and the ability to easily expand your phone’s memory. But with all of these amenities, there are bound to be drawbacks, many of which come in the form of warnings to users. Now, Microsoft has added to these concerns, issuing an urgent warning to anyone who uses one of these smartphones. Read on to find out what the tech giant says could infect your phone—and your wallet.
Different warnings have been issued for Android users this year, with experts expressing concerns about security threats tied to app and software downloads. Just last month, an app on Google’s Play Store was found to contain potentially dangerous malware, according to reporting by The Sun. The popular app in question, PIP Pic Camera Photo Editor, was described as a tool to help touch up photos, but actually had more sinister aims. According to The Sun, the app would install malware and steal Facebook login credentials, which can be used to commit identity fraud online, access additional accounts, and send spam messages to your contacts. Unfortunately, before the threat was discovered and blocked by Google, it was downloaded by over 1 million Android users.
Prior to this, cybersecurity firm Kaspersky also warned in May that three apps in the Google Play store contained Trojan-style hacker software known as “Jocker.” And in April, a new version of an infamous piece of Android-targeting malware, “Octo,” was discovered by financial cybersecurity firm ThreatFabric.
The most recent warning, however, came right before the July Fourth weekend. Microsoft, which provides malware protection through Microsoft Defender for Endpoint on Android, issued an alert about yet another type of malware.
According to a blog post published by the Microsoft 365 Defender Research Team on June 30, Android users need to be wary of toll fraud malware. According to the post, this form of billing fraud occurs when apps subscribe you to “premium services” without your knowledge and approval. This type of malware “continues to evolve,” the Microsoft team said, and it has been one of the most prevalent types of malware for Android users since 2017.
“By subscribing users to premium services, this malware can lead to victims receiving significant monthly bill charges,” the Microsoft team wrote in the blog post. “Affected devices also have increased risk because this threat manages to evade detection and can achieve a number of installations before a single variant gets removed.”
Emphasizing its prevalence, Microsoft confirmed that toll fraud accounted for 34.8 percent of installed Potentially Harmful Application (PHA) from the Google Play Store during the first quarter of 2022.
When downloading legitimate apps, Wireless Application Protocol (WAP) is a common payment mechanism used to subscribe to paid content, with the fees charged directly to your phone bill. But toll fraud leverages this form of billing to enroll you in paid premium services without your consent. The malware will disconnect you from Wi-Fi (or wait until you switch it off) and then use a cellular connection to initiate and confirm the subscription, using a one-time password (OTP), if necessary. It also disables SMS text notifications, so you aren’t alerted to the fraudulent transaction and won’t unsubscribe, Microsoft warns.
And while this information may have you rushing to check your latest phone bill, Microsoft did lend advice to help keep your device and your checking account protected.
In their blog post, the Microsoft 365 Defender Research Team stressed that “prevention from the side of the user” is integral in keeping your device protected.
“A rule of thumb is to avoid installing Android applications from untrusted sources,” they wrote, adding that this practice is also referred to as “sideloading” and that apps should strictly be downloaded from the Google Play Store or trusted sources.
In addition, don’t grant SMS permissions, notification listener access, or accessibility access without a firm understanding of why the app might need that. According to Microsoft, these are “powerful permissions” and aren’t necessary for general downloads.
The Microsoft team also noted the importance of using solutions to detect malware and keeping your Android device up-to-date. Speaking to this, the toll fraud malware in question is currently targeting phones running the Android 9 operating system or lower—meaning you’re protected if your device has Android 10 or above. Certain Android phones also stop receiving updates, which means you may want to consider trading up for a new device that has additional protective measures in place.