American tech giant Microsoft’s 365 Defender Team has stated that malware which subscribes users to a premium service without their knowledge is gaining popularity. According to GSM Arena, however, the team says the attack is quite sophisticated and the malware has to take several steps to carry it out. First of all, the apps hosting the malware are usually classified as “fee fraud” and use “dynamic code loading” to carry out the attack.
In short, the malware subscribes users to a premium service charged on their monthly telecom bill and then forces them to pay.
The malware works only by exploiting WAP (Wireless Application Protocol), which is used by cellular networks. Because of this, some types of malware disable your WiFi or simply wait for you to leave WiFi coverage.
This is where the dynamic code loading mentioned above comes into play. The malware then silently subscribes you to a service, reads an OTP (one-time password) that you may receive prior to subscribing, fills in the OTP field on your behalf, and also hides the notification to cover its tracks.
The saving grace is that the malware is mostly distributed outside of Google Play, as Google restricts apps’ use of dynamic code loading, according to GSM Arena.
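A defender-side triage check for the behaviours described above, added here as an example and not taken from Microsoft's report or the article: it flags an app whose decoded manifest and DEX class references combine WiFi control, SMS access, a notification listener and dynamic code loading. The sample manifest, package name, class-reference list, indicator mapping and three-indicator threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: decoded AndroidManifest.xml of a hypothetical app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpapers">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".Listener"
      android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

# Constructed sample: class references as listed by a DEX disassembler.
SAMPLE_CLASS_REFS = ["Ldalvik/system/DexClassLoader;", "Landroid/webkit/WebView;"]

# Behaviour from the article -> markers that make it possible (heuristic, assumed).
INDICATORS = {
    "can change WiFi state": {"android.permission.CHANGE_WIFI_STATE"},
    "can read SMS (OTP)": {"android.permission.RECEIVE_SMS",
                           "android.permission.READ_SMS"},
    "can hide notifications": {
        "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"},
    "dynamic code loading": {"Ldalvik/system/DexClassLoader;",
                             "Ldalvik/system/InMemoryDexClassLoader;"},
}

def triage(manifest_xml, class_refs, threshold=3):
    """Return which article behaviours the app is equipped for."""
    root = ET.fromstring(manifest_xml)
    features = set(class_refs)
    for el in root.iter():
        if el.tag == "uses-permission":      # permissions the app requests
            features.add(el.get(ANDROID_NS + "name"))
        elif el.tag == "service":            # e.g. a notification listener
            features.add(el.get(ANDROID_NS + "permission"))
    hits = sorted(n for n, marks in INDICATORS.items() if marks & features)
    # Each capability is common alone; the combination is what merits review.
    return {"package": root.get("package"), "hits": hits,
            "review": len(hits) >= threshold}

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_CLASS_REFS))
```

A match means only that the app holds the capabilities the attack chain needs, so it is a prompt for manual review rather than a verdict.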