In a world where almost everything is done, now, through it Smartphone app No wonder so many apps are actually just one Tricks Transfer Tool and electronic attacks. However, in some cases, the mechanisms are complicated and especially profitable for criminals, because some applications can cost us a lot of money. The alert, this time, looks the same Microsoft.
To be precise, the Microsoft 365 Defender Research Teami.e. the group of researchers and developers he works on Microsoft 365 DefenderThis is the antivirus built into Windows and also available for Android for a few weeks. In a long and highly detailed technical post on Microsoft’s blog, the researchers recall how the first notorious case of scam apps attacking users’ phone plans dates back to 2017, when several infected apps spread the notorious (and still active) virus.joker“These apps managed to pass the tests Google Play StoreFortunately, that rarely happens today.
How do scam apps work?
The mechanism by which these applicationsare attacking” The User’s phone account In order to steal some money, he is the one, who is now a classic, from Subscriptions to paid services. Subscriptions that are never requested by the user, and are activated without their knowledge.
To do this, these applications use several technologies at the same time, some of which are quite complex. Once the app is downloaded, the malware takes over different components of the smartphone and starts Open in the background The website of the service to which you will subscribe without our knowledge.
The user does not see anything, because the malware hides the browser it is running through. However, the subscription service requires the inclusion of a file OTP icon Confirmation, just to prevent anyone who knows our phone number from activating subscriptions in our name.
This code comes Sent via SMS, but the virus was able to intercept the message, and prevent it from appearing, by deactivating the smartphone’s notifications in advance. Using an OTP code, malware can Complete the registration for the service We will only notice when the damage occurs. That’s when they start disappear money from our phone account.
Apps to watch out for
Microsoft doesn’t mention any specific app, but it does mention an entire app Application category: Those that are not installed by the Google Play Store and that, for no apparent reason, ask us Permission to access SMS from the phone. A request is justified only by the fact that the virus needs to be able to read a fileA text message with an OTP code.
How to defend yourself from fraudulent applications
Microsoft also tells us what to do to avoid Getting into unpleasant situations like this:
- there first rule Download apps only from official stores: Google Play Store and Apple App Store.
- there second rule Is not to give apps permission to access SMS: This permission can be used in the last part of the scam just described.
- there Third rule It is to provide your Android smartphone with a good antivirus software, to protect the user and the phone.
- there Fourth and last Finally, the rule concerns the phone itself: if it no longer receives monthly security updates, it is better to change it to a new one.