Microsoft Warns About Evolving

Microsoft has detailed the evolving capabilities of toll fraud malware apps on Android, pointing out their “complex multi-step attack flow” and an improved mechanism to evade security analysis.

Toll fraud belongs to a category of billing fraud wherein malicious mobile applications come with hidden subscription fees, roping in unsuspecting users to premium content without their knowledge or consent.

It’s also different from other fleeceware threats in that the malicious functions are only carried out when a compromised device is connected to one of its target network operators.

“It also, by default, uses the cellular connection for its activities and forces devices to connect to the mobile network even if a Wi-Fi connection is available,” Dimitrios Valsamaras and Sang Shin Jung of the Microsoft 365 Defender Research Team said in an exhaustive analysis.

“Once the connection to a target network is confirmed, it stealthily initiates a fraudulent subscription and confirms it without the user’s consent, in some cases even intercepting the one-time password (OTP) to do so.”

Such apps are also known to suppress SMS notifications related to the subscription to prevent the victims from becoming aware of the fraudulent transaction and unsubscribing from the service.

At its core, toll fraud takes advantage of the payment method which enables consumers to subscribe to paid services from websites that support the Wireless Application Protocol (WAP). This subscription fee gets charged directly to the users’ mobile phone bills, thus obviating the need for setting up a credit or debit card or entering a username and password.

“If the user connects to the internet through mobile data, the mobile network operator can identify him/her by IP address,” Kaspersky noted in a 2017 report about WAP billing trojan clickers. “Mobile network operators charge users only if they are successfully identified.”

Optionally, some providers can also require OTPs as a second layer of confirmation of the subscription before activating the service.

“In the case of toll fraud, the malware performs the subscription on behalf of the user in a way that the overall process isn’t perceivable,” the researchers said. “The malware will communicate with a [command-and-control] server to retrieve a list of offered services.”

It achieves this by first turning off Wi-Fi and turning on mobile data, followed by making use of JavaScript to stealthily subscribe to the service, and intercepting and sending the OTP code (if applicable) to complete the process.

The JavaScript code, for its part, is designed to click on HTML elements that contain keywords such as “confirm,” “click,” and “continue” to programmatically initiate the subscription.

Upon a successful fraudulent subscription, the malware either conceals the subscription notification messages or abuses its SMS permissions to delete incoming text messages containing information about the subscribed service from the mobile network operator.

Toll fraud malware is also known to cloak its malicious behavior through dynamic code loading, a feature in Android that allows apps to pull additional modules from a remote server during runtime, making it ripe for abuse by malicious actors.

From a security standpoint, this also means that a malware author can fashion an app such that the rogue functionality is only loaded when certain prerequisites are met, effectively defeating static code analysis checks.

“If an app allows dynamic code loading and the dynamically loaded code is extracting text messages, it will be classified as a backdoor malware,” Google lays out in its developer documentation about potentially harmful applications (PHAs).
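A static triage sketch for the behaviour chain described above, added here as an example and not taken from Microsoft's report or any vendor tool. It parses a constructed `AndroidManifest.xml` plus a constructed list of decompiler-style API references and flags the combination of network switching, JavaScript injection, SMS or notification access and dynamic code loading; the permission and API names are real Android identifiers, while the sample package, the sample data and the grouping rules are assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Behaviour groups from the article; the grouping is an assumption of this example.
PERMISSION_SIGNALS = {
    "android.permission.RECEIVE_SMS": "sms_access",
    "android.permission.READ_SMS": "sms_access",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification_access",
    "android.permission.CHANGE_WIFI_STATE": "network_switch",
    "android.permission.CHANGE_NETWORK_STATE": "network_switch",
}
API_SIGNALS = {
    "Ldalvik/system/DexClassLoader;": "dynamic_code",
    "Landroid/net/ConnectivityManager;->requestNetwork": "network_switch",
    "Landroid/telephony/TelephonyManager;->getSimOperator": "operator_check",
    "Landroid/webkit/WebView;->evaluateJavascript": "js_injection",
}

def manifest_signals(manifest_xml):
    """Collect behaviour tags from <uses-permission> and service permissions."""
    root = ET.fromstring(manifest_xml)
    names = [e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")]
    names += [e.get(ANDROID_NS + "permission") for e in root.iter("service")]
    return {PERMISSION_SIGNALS[n] for n in names if n in PERMISSION_SIGNALS}

def api_signals(api_refs):
    """Collect behaviour tags from decompiler-style API reference strings."""
    return {tag for ref in api_refs for key, tag in API_SIGNALS.items() if ref.startswith(key)}

def triage(manifest_xml, api_refs):
    tags = manifest_signals(manifest_xml) | api_signals(api_refs)
    hides_messages = bool(tags & {"sms_access", "notification_access"})
    # Approximates the PHA rule quoted above: dynamic loading plus SMS access.
    backdoor_pattern = "dynamic_code" in tags and "sms_access" in tags
    toll_fraud_chain = hides_messages and {"network_switch", "js_injection"} <= tags
    return {"tags": sorted(tags), "backdoor_pattern": backdoor_pattern,
            "toll_fraud_chain": toll_fraud_chain}

# Constructed sample input (not taken from any real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.CHANGE_NETWORK_STATE"/>
</manifest>"""
SAMPLE_APIS = ["Ldalvik/system/DexClassLoader;-><init>",
               "Landroid/webkit/WebView;->evaluateJavascript",
               "Landroid/net/ConnectivityManager;->requestNetwork"]

print(triage(SAMPLE_MANIFEST, SAMPLE_APIS))
```

Because the rogue module may only arrive at runtime, a clean result from a static pass like this one does not clear an app; the `dynamic_code` tag on its own is the cue to follow up with dynamic analysis.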

With an install rate of 0.022%, toll fraud apps accounted for 34.8% of all PHAs installed from the Android app marketplace in the first quarter of 2022, ranking second below spyware. Most of the installations originated from India, Russia, Mexico, Indonesia, and Turkey.

To mitigate the threat of toll fraud malware, it’s recommended that users install applications only from the Google Play Store or other trusted sources, avoid granting excessive permissions to apps, and consider upgrading to a new device should it stop receiving software updates.
