Android Malware Creeps Into Cellphone Bills

Photo
Credit Lookout

Smartphones are meant to be headache-free compared with old-school computers. But malicious software written for Android devices can be even sneakier than the malware that invaded PCs.

The most prevalent form of Android malware scrapes small amounts of money from smartphone owners by making secret charges to their phone bills, according to a report published by Lookout, a mobile security company in San Francisco. This type of malware is called toll fraud, and it has the potential to fool plenty of people who don’t pay close attention to their phone bills every month.

But how does toll fraud work if the carriers control our bills? The process is actually very complex, said Derek Halliday, a product manager at Lookout.

First, it helps to understand a legitimate transaction involving text messages. Say, for example, a person wants to send a text message to a service to buy a new ringtone. When this happens, the cellular network forwards the text message to a middleman service, which handles the transaction between the wireless provider and the ringtone provider. The ringtone provider then shoots a message to the cellphone owner asking for confirmation of the order. When the customer confirms the order, he receives the ringtone, his cellphone bill is charged, and the carrier takes a cut and gives the rest of the money to the ringtone provider and the middleman service.

Here’s how toll fraud works: A person downloads a malicious app. The app invisibly sends a text message to a service that uses a middleman service that has a relationship with the malware author. A confirmation message is sent back to the malware, which blocks it from being seen by the customer and confirms the charge. The charge goes to the user’s bill, and the carrier takes its cut and gives the rest of the money to the service and the middleman, and thus the malware author.

In its  report, Lookout estimates that from the beginning of 2012 to the end of 2013, 18 million Android users may encounter malware. About 72 percent of the malware that Lookout detected this year was toll fraud, and the company expects this number to grow, because even though the process is complex, the code isn’t difficult to replicate. The company advised cellphone owners to regularly check their bills for suspicious charges.