Beware! This Android malware can auto-subscribe to premium services by stealing your OTP

In effect, this Android malware forces subscriptions on your account, which are then added to your telecom operator’s monthly billing cycle. This leads to you facing exorbitant charges to your account, which you are then liable to pay since the transactions are technically authorised through your account only.

How the Android malware flaw works

As described by Microsoft, the toll fraud malware breaches the wireless application protocol (WAP) through select cellular networks, which is why the first step that such apps do is disable the wi-fi network on a target user’s phone – or wait for them to be in cellular network coverage area.

Once in cellular coverage, the malware enforces a premium account subscription in the background, without a user’s knowledge. It then uses dynamic code loading, which executes web commands based on automatic instructions through an app, and navigates to the payment page of a subscription that you did not voluntarily opt for.

On its payment page, the malware enables payment to a subscription through your cellular network and also intercepts and hides the one-time password that you may receive from your notification panel. It also uses elevated system privilege to access this password, and enter it on your subscription page to then bill it to your network carrier’s overall bill.

Microsoft notes that such frauds are largely distributed outside the Google Play Store since the latter’s policies include restrictions for apps with dynamic code loading – which are thereby unable to execute automatic commands.

As a result, beware of the app that you download outside the Google Play Store, since they may often include malware that can lead to the loss of sensitive data and money, all without your knowledge or approval.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.