According to Microsoft’s 365Defender report, malware is spreading recently that activates premium and high-end service subscriptions without the user’s knowledge. This type of attack is complex and the malware must go through several steps to reach the target.
Apps that contain malware are classified as “fraudulent” and use dynamic code loading to carry out the attack. In short, this malware activates subscriptions to premium services, which are billed monthly on user bills. Therefore, the user inevitably has to pay the subscription fee.
How does the new malware work?
This malware only works by exploiting WAP (Wireless Application Protocol) used by cellular networks. This is why some malware disables your Wi-Fi or waits for you to go out of Wi-Fi coverage. This is where dynamic code loading comes into play.
The malware activates a subscription service in the background, reads the OTP password you may receive before subscribing, embeds the password, and disables notifications to hide its tracks.
The good news is that this new malware has spread largely outside of Google Play; Because Google limits the use of dynamic code loading by applications.
What do you think about new malware detection? Share your opinion with Tekrato in the comments section.