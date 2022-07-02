Microsoft has alerted users of "toll fraud" malware on Android that can drain your mobile wallet by switching off your Wi-Fi connection.

Compared to other subcategories of billing fraud, which include SMS fraud and call fraud, toll fraud has unique behaviors.

According to Microsoft 365 Defender research team, whereas SMS fraud or call fraud uses a simple attack flow to send messages or calls to a premium number, toll fraud has a complex multi-step attack flow that malware developers continue to improve.

"For example, we saw new capabilities related to how this threat targets users of specific network operators. It performs its routines only if the device is subscribed to any of its target network operators," warned the company.

It also, by default, uses a cellular connection for its activities and forces devices to connect to the mobile network even if a Wi-Fi connection is available.

Once the connection to a target network is confirmed, it stealthily initiates a fraudulent subscription and confirms it without the user's consent, in some cases even intercepting the one-time password (OTP) to do so.