Customers must then foot the bill for something they did not subscribe to
American tech giant Microsoft’s 365 Defender Team has said there’s growing popularity of malware that can subscribe users to a premium service without their knowledge.
According to GSM Arena, however, the team has stated that the attack from this malware is quite elaborate, and there are quite a few steps that the malware has to execute.
For starters, the apps harbouring the malware are usually classified as “toll frauds” and use “dynamic code loading” to carry out the attack.
In short, the malware subscribes users to a premium service using their monthly telecom bill, and then they are forced to pay.
The malware only works by exploiting the so-called WAP (wireless application protocol) used by cellular networks. That’s why some forms of malware disable your Wi-Fi or wait for you to go outside Wi-Fi coverage.
This is where the aforementioned dynamic code loading comes into play. The malicious software then subscribes you to a service in the background, reads an OTP (one-time-password) you may receive before subscribing, fills out the OTP field on your behalf and also hides the notification to cover its tracks.
The saving grace is that the malware is largely distributed outside of Google Play because Google restricts the use of dynamic code loading by apps, as per GSM Arena.