Beware of this Android Malware that switches off Wi-Fi and drains the mobile wallet!

A deceptive strain of Android malware has hit many countries around the world, and attackers deliver it to target devices in numerous ways. The malware automatically switches off Wi-Fi connections, wipes out all of the mobile's data, such as the mobile wallet, and sends it back to the attacker in the form of packets.

In addition, Microsoft has warned its users of "toll fraud" malware on Android phones that can drain mobile wallet accounts by switching off the phone's Wi-Fi connection. Toll fraud has some unique behaviors compared with call fraud and SMS fraud.

According to the Microsoft Defender research team, SMS fraud and call fraud use a simple attack method, sending messages or placing calls, whereas toll fraud uses a very complex attack methodology that attackers keep improving. The malware forcibly turns on the cellular connection even when Wi-Fi networks are available, so that it can track activities.

Once the connection is established, it covertly activates fraudulent subscriptions without the user's knowledge, and in some cases it also bypasses or intercepts the OTP. It also hides all notifications and pop-ups so that users cannot see any activity related to a subscription.

Another unique behavior of this malware is its use of dynamic code loading, which makes it very difficult for mobile antivirus products to detect the threat. However, the team has identified some unique behaviors that can be used to identify and detect it.


Therefore, the company is now increasing security controls, Android API restrictions, and Google Play Store policies, which can help to mitigate the threat. Microsoft advises users to follow the rule of thumb: avoid installing applications from untrusted sources and always install security patches.

All in all, Microsoft also advises users to avoid granting SMS/call permissions, and to disable notification access and accessibility access, for any software when they do not know the application that is asking for the permissions.
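
The permission advice above can be checked against an app's decoded `AndroidManifest.xml` before the app is trusted. The Python sketch below is an added example, not code from Microsoft or from this article; the behaviour-to-permission mapping, the review threshold of three, and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Behaviours named in the article, mapped to the Android permissions that
# enable them. The mapping is this example's assumption, not a signature.
BEHAVIOURS = {
    "switch Wi-Fi off": {P + "CHANGE_WIFI_STATE"},
    "read or intercept SMS (OTP)": {P + "READ_SMS", P + "RECEIVE_SMS"},
    "read/hide notifications": {P + "BIND_NOTIFICATION_LISTENER_SERVICE"},
    "accessibility access": {P + "BIND_ACCESSIBILITY_SERVICE"},
}

def audit_manifest(manifest_xml, threshold=3):
    """Return the behaviours a decoded AndroidManifest.xml makes possible."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(NS + "name") for e in root.iter("uses-permission")}
    # Notification-listener and accessibility services are declared on
    # <service android:permission=...>, not requested via <uses-permission>.
    bound = {e.get(NS + "permission") for e in root.iter("service")}
    present = requested | bound
    hits = sorted(b for b, perms in BEHAVIOURS.items() if perms & present)
    return {"package": root.get("package"), "behaviours": hits,
            "review": len(hits) >= threshold}

# Constructed sample manifests (not taken from any real application).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpapers">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".Listener"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
</manifest>"""

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(audit_manifest(sample))
```

A flagged result only means the combination deserves a closer look; legitimate apps can hold any one of these permissions for ordinary reasons.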

I hope that you liked this article. If you would like to read more like it, I recommend "According to Google, an Italian spyware organization is hacking into various iOS and Android devices."
