Android Malware Was Detected With The Ability To Disable Wi-Fi And Listen To SMS Messages

Microsoft Has Released Details Of New Android Malware That Could Significantly Increase The Cost Of Your Monthly Mobile Bill. This Malware Is Focused On WAP Services.

Malware developers focused on the Android platform are at it again and have designed apps that disable a device's Wi-Fi connection, secretly subscribe users to expensive wireless services, and eavesdrop on their text messages. All these actions attempt to get vast sums of money from uninformed users.

According to an Ars Technica report quoting Microsoft's press release, such security threats have been seen on the Android platform for years, and a clear example of them is a set of malware known as Joker. Joker malware has infected millions of smartphones since 2016. Despite awareness of this security problem, little attention has been paid to the techniques used by this category of malware, known as toll fraud. Microsoft has recently investigated the problem in technical detail.

In this type of scam, a mechanism called WAP (Wireless Application Protocol) is used. This protocol provides a means to access information through the mobile network. Mobile phone users can subscribe to these services by visiting the provider's website while their device is connected to mobile data (the SIM card's internet connection).

The user clicks on a specific option on the website of these companies, and sometimes the operator sends a one-time password to the user via SMS and asks him to enter the password on the site to complete the process of subscribing to the service.

The purpose of the malicious apps is to automatically subscribe smartphones to these WAP services without the user’s knowledge.

Microsoft says its researchers have found malware that automatically enrolls users in WAP services by performing specific actions. These applications initially disable the Wi-Fi connection or wait for the user to access the SIM card internet. Then the applications enter the subscription purchase page without the user’s knowledge, click on the subscription purchase option, intercept the one-time password, send that password to the WAP service provider, and finally disable the SMS notification. After completing these steps, the user has subscribed to one of the WAP services without knowing it.

Malware developers have various ways to force smartphones to use SIM card internet even when Wi-Fi is on. On devices running Android 9 and older, developers call the `setWifiEnabled` method of the `WifiManager` class. On Android 10 and newer versions, developers use the `requestNetwork` method of the `ConnectivityManager` class. Either way, the result is that the phone loads data exclusively through the SIM card's internet connection.

When the phone is connected to the SIM card internet, the malware opens the browser page in the background without the user’s knowledge, enters the WAP service page, and clicks on the subscription purchase option.

The final subscription verification step is a bit more complex, because the confirmation request is delivered via SMS or the HTTP and USSD protocols.

Microsoft has announced various methods developers can rely on to bypass SMS, HTTP, and USSD requests. WAP service providers periodically send SMS messages to the user to inform him of his membership in the subscription service. According to Microsoft, malware can even disable these SMS messages.
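
The behaviour chain described above (forcing mobile data, reading the one-time password from SMS, hiding the provider's notifications) can be turned into a static triage check for app review. The following Python check is an added example, not code from Microsoft's report or from this article; the mapping of each stage to permissions and API references, the verdict labels, and the sample manifest and smali lines are assumptions constructed for illustration.

```python
import re

# Stage -> (manifest strings, any one required; regex over manifest + smali).
# Mapping each behaviour from the article to these indicators is this
# example's assumption; tune it against your own corpus.
STAGES = {
    "force_mobile_data": (
        ("android.permission.CHANGE_WIFI_STATE",
         "android.permission.CHANGE_NETWORK_STATE"),
        re.compile(r"WifiManager;->setWifiEnabled\(|ConnectivityManager;->requestNetwork\("),
    ),
    "read_sms_otp": (
        ("android.permission.RECEIVE_SMS", "android.permission.READ_SMS"),
        re.compile(r"android\.provider\.Telephony\.SMS_RECEIVED|SmsMessage;->getMessageBody\("),
    ),
    "hide_notifications": (
        ("android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",),
        re.compile(r"->cancelAllNotifications\(|->cancelNotification\("),
    ),
}

def stages_present(manifest, smali):
    """Return the stages whose permission AND code indicator both appear."""
    text = manifest + "\n" + smali
    return [name for name, (perms, code_re) in STAGES.items()
            if any(p in manifest for p in perms) and code_re.search(text)]

def verdict(manifest, smali):
    """Flag only the combination: each capability alone is common in benign apps."""
    hits = set(stages_present(manifest, smali))
    if {"force_mobile_data", "read_sms_otp"} <= hits:
        return "escalate" if "hide_notifications" in hits else "review"
    return "low"

# Constructed samples (not taken from any real app).
WALLPAPER_MANIFEST = """
<uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
<uses-permission android:name="android.permission.RECEIVE_SMS"/>
<service android:name=".L" android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
"""
WALLPAPER_SMALI = """
invoke-virtual {v0, v1}, Landroid/net/wifi/WifiManager;->setWifiEnabled(Z)Z
const-string v2, "android.provider.Telephony.SMS_RECEIVED"
invoke-virtual {p0}, Lcom/example/wall/L;->cancelAllNotifications()V
"""
SMS_APP_MANIFEST = '<uses-permission android:name="android.permission.RECEIVE_SMS"/>'
SMS_APP_SMALI = "invoke-virtual {v0}, Landroid/telephony/SmsMessage;->getMessageBody()Ljava/lang/String;"

if __name__ == "__main__":
    print(verdict(WALLPAPER_MANIFEST, WALLPAPER_SMALI))
    print(verdict(SMS_APP_MANIFEST, SMS_APP_SMALI))
```

A stage counts only when the declared permission and a matching code reference both appear, so a legitimate SMS client or Wi-Fi toggle utility stays at "low" on its own.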

Microsoft researchers say: “This malware may greatly increase the cost of the victims’ mobile bills by enrolling users in premium services. Affected devices are less secure, because it is impossible to detect malware. Many users may install this malware before it is removed.”

Google is actively detecting malware in the Play Store, and whenever it sees that a particular app is using malicious code, it stops its release. Experience shows that malicious apps are usually downloaded millions of times before being removed from the Play Store.