Mobile PhonesMobile World

New Toll Fraud Malware Detected on Android Phones

In the most recent incident, toll fraud malware—a subset of billing fraud—was discovered on Android phones by Microsoft’s security team. The toll fraud malware software works by opening online browsers, scrolling to a certain webpage for a premium service, and then applying for memberships on the phone without the owner’s knowledge.

Google’s mobile ecosystem attracts unwanted attention from criminals looking to prey on unsuspecting people thanks to the more than 3 billion active Android phone users. Google has worked to make the Android and Play Store more secure over time.

Toll Fraud Malware

It will form the App Defense Alliance with ESET, Lookout, and Zimperium. The world’s largest search engine has made serious attempts, but has been unable to stop malware from infiltrating the Android ecosystem.

What makes the malware even more harmful is its ability to connect to remote services using cellular networks rather than Wi-Fi in order to evade detection by the phone’s security software.

The software can also read the OTP issued from the bank when a user applies for an unauthorized premium service subscription, masking it from the phone owner so that the latter is unaware of any illicit transactions until the monthly bank statement arrives.

Malware developers take advantage of the API (Application Pro subset to block service subscription notification messages sent by the default SMS application.

More specifically, after a successful subscription, the service provider notifies the user through email of the fees and provides them with the opportunity to cancel the membership.

The malware can contact any of the functions listed above to remove the notification if it has access to the notification listener service, according to the Microsoft Security team.

The toll scam virus programme is dangerous for phones running Android 9 or earlier, according to specialists.

The owners of mobile devices are also cautioned against downloading programmes from dubious websites or third-party app shops, even if they promise money-saving deals or gift cards. This is a typical technique for persuading gullible users to install programmes.

It also goes without saying that consumers should update their phones to the most recent security patches and upgrades published on a monthly or occasionally quarterly basis by Google and mobile service providers. Additionally, it is wise to only download trustworthy antivirus software from the Google Play store.

The good news is that the malware is primarily spread outside of Google Play since, in accordance with Microsoft, Google limits the use of dynamic code loading by apps.


The Emotet botnet, which thieves use to spread malware worldwide, started attempting to steal credit card information from unwary customers last month, according to cybersecurity company Proofpoint. The malware stealthily attacks the well-known Google Chrome browser before sending the data to command-and-control servers.

The Emotet botnet has returned after being shut down by Europol and other international law enforcement organisations in January 2021. Previously, the botnet was used to distribute software to remove malware from compromised machines.

Related Articles

0 0 votes
Article Rating
Notify of
Inline Feedbacks
View all comments
Back to top button
Would love your thoughts, please comment.x
Mail Icon