Billing fraud apps can disable Android Wi-Fi and intercept text messages
Published: July 4, 2022

Billing fraud apps can disable Android Wi-Fi and intercept text messages
Billing fraud apps can disable Android Wi-Fi and intercept text messages

Android scamware uses many tricks to sign you up for pricey services.

Android malware developers are stepping up their billing fraud game with apps that disable Wi-Fi connections, surreptitiously subscribe users to pricey wireless services, and intercept text messages, all in a bid to collect hefty fees from unsuspecting users, Microsoft said on Friday.

This threat class has been a fact of life on the Android platform for years, as exemplified by a family of malware known as Joker, which has infected millions of phones since 2016. Despite awareness of the problem, little attention has been paid to the techniques that such "toll fraud" malware uses. Enter Microsoft, which has published a technical deep dive on the issue.

The billing mechanism abused in this type of fraud is WAP, short for wireless application protocol, which provides a means of accessing information over a mobile network. Mobile phone users can subscribe to such services by visiting a service provider's web page while their devices are connected to cellular service, then clicking a button. In some cases, the carrier will respond by texting a one-time password to the phone and requiring the user to send it back in order to verify the subscription request. The process looks like this:

The goal of the malicious apps is to subscribe infected phones to these WAP services automatically, without the notice or consent of the owner. Microsoft said that malicious Android apps its researchers have analyzed achieve this goal by following these steps:

Disable the Wi-Fi connection or wait for the user to switch to a mobile network.
Silently navigate to the subscription page.
Auto-click the subscription button.
Intercept the OTP (if applicable).
Send the OTP to the service provider (if applicable).
Cancel the SMS notifications (if applicable).

Malware developers have various ways to force a phone to use a cellular connection even when it’s connected to Wi-Fi. On devices running Android 9 or earlier, the developers can invoke the setWifiEnabled method of the WifiManager class. For versions 10 and above, developers can use the requestNetwork function of the ConnectivityManager class. Eventually, phones will load data exclusively over the cellular network.

Once a phone uses the cellular network for data transmission, the malicious app surreptitiously opens a browser in the background, navigates to the WAP subscription page, and clicks a subscribe button. Confirming the subscription can be tricky because confirmation prompts can come by SMS, HTTP, or USSD protocols. Microsoft lays out specific methods that malware developers can use to bypass each type of confirmation. The Microsoft post then goes on to explain how the malware suppresses periodic messages that the subscription service may send the user to remind them of their subscription.

"By subscribing users to premium services, this malware can lead to victims receiving significant mobile bill charges," Microsoft researchers wrote. "Affected devices also have increased risk because this threat manages to evade detection and can achieve a high number of installations before a single variant gets removed."

Google actively bars apps from its Play market when it detects signs of fraud or malice, or when it receives reports of malicious apps from third parties. While Google often doesn’t remove malicious apps until after they have infected millions of users, apps downloaded from Play are generally regarded as more trustworthy than apps from third-party markets.

Source: Re-posted and Summarized from DAN GOODIN at arstechnica.

My Take: The best way to fight these bastards is to be warned in advance. Knowledge is power.


Customer Reviews:

We all have been VERY pleased with Adrian's vigila
We all have been VERY pleased with Adrian's vigilance in monitoring the website and his quick and successful repairs. Evan was also very helpful in solving all of my hacking problems. So in all aspects of the Computer Geeks we are very glad we are working with you.
Kenneth Bruscia PhD
Published:
Kenneth Bruscia PhD
[email protected]
FIVE STARS + It's true, this is the place to go fo
FIVE STARS + It's true, this is the place to go for your web site needs. In my case, Justin fixed my problem immediately. It's such a comfort to know that I can reply on these people for any and all my web needs. You will not find a better team anywhere.
Paul Adler
Published:
Paul Adler
[email protected]
We reached out to Rich and his team at Computer Ge
We reached out to Rich and his team at Computer Geek in July 2021. We were in desperate need of help because our former website design agency left us hanging with major website issues that needed immediate attention. Rich and his team were extremely helpful and quick to come to our rescue! They have helped us with numerous projects that have helped our SEO. Our sales have increased 30% since coming to Computer Geek. We've been working with them for about nine months now and are very pleased with their response time and helpful manner. Rich has proven himself to be trustworthy and dependable. We feel valued as a customer and look forward to continuing a relationship with Computer Geek.
Leigh Hutchens
Published:
Leigh Hutchens
[email protected]
Just to say thank you for all the hard work. I can
Just to say thank you for all the hard work. I can't express enough how great it's been to send projects and they get done. Beyond that, your ability to work with three different folks in a personable way really has been a game changer for us. The improvements to our business because of your hard work have been significant.
Curtis Williams
Published:
Curtis Williams
[email protected]
I would certainly like to recommend that anyone pu
I would certainly like to recommend that anyone pursing maintenance for a website to contact The Computer Geek. I have been using another company to do some maintenance on my site with moderate success. There were issues that were evidently beyond what could be handled by them. However, the professionals at The Computer Geek had them addressed and rectified in no time at all. The Computer Geek approached all of my requests focusing on my goals and the needed performance. Then, once versed, presented me with a very reasonable price. Once the projects were in motion, I found that the tasks were achieved before I expected, with professional results. Also, in one instance where The Computer Geeks brought an issue to my attention that I would have likely overlooked. This was accompanied by a recommendation on how to solve the issue. Overall The Computer Geeks exceeded my expectations!
David Pappas
Published:
David Pappas
[email protected]
I have a important website dedicated to the local
I have a important website dedicated to the local high school going back nearly 100 years. It was suddenly infected with a virus. Rich at Computer Geek fixed it within an hour. I cannot recommend him enough. I hope it's not for a long time, but the next time I need help, Rich is who I'm gonna call.
Eric Williams
Published:
Eric Williams
[email protected]
WOW! I have been wracking my brain for the past 30
WOW! I have been wracking my brain for the past 30 days trying to figure out who was hosting my company's website the domain owner, etc. Yesterday, when I googled for help and I clicked on the link to computer-geek.net and picked up the phone and called them. Rich answered and from there it was smooth sailing!
Rhonda Harding
Published:
Rhonda Harding
[email protected]
A note to let you know how much I appreciate your
A note to let you know how much I appreciate your team's work. Justin is on top of quickly solving any issues, making changes, reliable. Finding you was one of the luckiest days of my 74 years. I'd be honored if you'd add me to your list of references. And please stay healthy and in business. I got enough headaches from other folks.
Dan Cutrer
Published:
Dan Cutrer
[email protected]
We discovered an issue with our Oscommerce cart pr
We discovered an issue with our Oscommerce cart processing images. It is about 14 years old and heavily modified. Looking on google for some expert help I found Rich and reached out to him. We received a response the same day. The next day his team was working on our issue and was able to solve it within a few hours. Price was reasonable and we are very appreciative to find a competent and professional oscommerce expert to help successfully troubleshoot our issue.
Phillip Sirota
Published:
Phillip Sirota
[email protected]
I'm very new to the whole idea of having a website
I'm very new to the whole idea of having a website / blog. I used Bluehost.com and WordPress.org to create Thepredatorhunter.com and then managed to wreck it. On a Sunday morning I opened chat box with Rich and within a few hours everything was fantastic! This isn't just a company for big biz, if your new and small, The Computer Geek can help you out. In trouble? Stop fretting and start typing in the chat box. You will be glad you did!
Dennis Gilmore
Published:
Dennis Gilmore
[email protected]
[Read More Testimonials Here]

Latest Website Related Articles

Using a USB headset for Google Meet calls is finally getting simpler

Published: August 16, 2022
Hooking up a USB accessory such as a headset or microphone for a Google Meet call is set to get a lot easier at last thanks to a new update to the service. The video conferencing platform has revealed changes that will allow users to have much gre...[Read More]

 

Microsoft finally admits Xbox One sales were less than half of the PS4

Published: August 15, 2022
We haven't had official Xbox One sales figures for 7 years. Official Xbox One sales have largely been a mystery, but now Microsoft is finally admitting the obvious: the PS4 outsold the Xbox One, by a lot. Microsoft stopped reporting its Xbo...[Read More]

 


Here are some links to related topics:
 website troubleshooting,   php designer,   webmaster info,   xcart hacked,   hostgator hacked,   woocommerce hacked,  


Auto Helpers: Auto Helpers
Site Secured By The Website Guardian