The Hacker News reports that toll fraud malware apps on Android have been evolving to include mechanisms to enable multi-step attacks while better evading security system detection.
Toll fraud malware apps, which subscribe victims to premium subscriptions without their knowledge, have been leveraging cellular connections despite Wi-Fi availability, a report from the Microsoft 365 Defender Research Team revealed.
"Once the connection to a target network is confirmed, it stealthily initiates a fraudulent subscription and confirms it without the user's consent, in some cases even intercepting the one-time password (OTP) to do so," wrote researchers Sang Shin Jung and Dimitrios Valsamaras.
The report also emphasized that the subscription process is not perceivable to victims.
"The malware will communicate with a [command-and-control] server to retrieve a list of offered services," the researchers added.
To prevent toll fraud malware attacks, users have been urged to install apps only from trusted sources, including the Google Play Store, to limit app permissions, and to consider upgrading devices once they stop receiving software updates.