In a world where almost everything is now done through smartphone apps, it is no wonder that many apps are really just a vehicle for scams and cyber attacks. In some cases, however, the mechanisms are particularly complex and profitable for criminals, because certain apps can cost us a lot of money. This time the alarm is sounded by Microsoft itself.
To be precise, it comes from the Microsoft 365 Defender Research Team, that is, the group of researchers and developers who work on Microsoft 365 Defender, the antivirus integrated in Windows and, for a few weeks now, also available for Android. In a long, detailed and highly technical post published on Microsoft's blog, the researchers recall that the first famous case of scam apps attacking users' phone plans dates back to 2017, when several infected apps spread the famous (and still active) "Joker" virus. Those apps had managed to pass the checks of the Google Play Store, which fortunately happens much more rarely today.
How scam apps work
The mechanism by which these apps "attack" the user's telephone account in order to steal money is the now classic one of subscriptions to paid services: subscriptions never requested by the user and activated without his knowledge.
To do this, these apps use several techniques at the same time, some of which are quite complex. Once the app has been downloaded, the malware takes control of various components of the smartphone and opens, in the background, the website of the service to which it will subscribe without our knowledge.
The user sees nothing, because the malware hides the browser it is operating through. The subscription service, however, requires a confirmation OTP code to be entered, precisely to prevent anyone who knows our phone number from activating subscriptions in our name.
This code is sent via SMS, but the virus manages to intercept the message and prevent it from being displayed by disabling the smartphone's notifications in advance. With the OTP code the malware can complete the registration for the service, and we only notice once the damage is done, that is, when money starts disappearing from our telephone account.
Which apps to watch out for
Microsoft doesn't mention any specific app, but an entire category of apps: those that are not installed from the Google Play Store and that, for no apparent reason, ask us for permission to access the phone's SMS messages. The request is explained only by the fact that the virus needs to be able to read the SMS with the OTP code.
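The criterion above (installed from outside the Google Play Store and holding SMS access) can be checked against a phone's app inventory. This is an added example, not code from Microsoft's post: the sample text is constructed and only modeled on `adb shell pm list packages -i -3` and `adb shell dumpsys package <name>` output, and the function names are hypothetical.

```python
import re

# Constructed sample, modeled on `adb shell pm list packages -i -3` output.
SAMPLE_PACKAGES = """\
package:com.example.notes  installer=com.android.vending
package:com.example.wallpapers  installer=null
package:com.example.flashlight  installer=com.google.android.packageinstaller
"""

# Constructed sample, modeled on the permission lines of `dumpsys package`.
SAMPLE_DUMPSYS = {
    "com.example.notes": "android.permission.READ_SMS: granted=true",
    "com.example.wallpapers": "android.permission.RECEIVE_SMS: granted=true\n"
                              "android.permission.CAMERA: granted=false",
    "com.example.flashlight": "android.permission.READ_SMS: granted=false",
}

OFFICIAL_INSTALLERS = {"com.android.vending"}  # Google Play Store
SMS_PERMISSIONS = {"android.permission.READ_SMS",
                   "android.permission.RECEIVE_SMS"}

PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")
PERM_LINE = re.compile(r"^\s*(android\.permission\.\w+): granted=(true|false)")


def granted_sms_permissions(dumpsys_text):
    """Return the SMS permissions that are actually granted, not just requested."""
    found = set()
    for line in dumpsys_text.splitlines():
        m = PERM_LINE.match(line)
        if m and m.group(2) == "true" and m.group(1) in SMS_PERMISSIONS:
            found.add(m.group(1))
    return found


def flag_risky_apps(package_listing, dumpsys_by_package):
    """List apps installed from outside the official store that can read SMS."""
    findings = []
    for line in package_listing.splitlines():
        m = PKG_LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not package entries
        name, installer = m.groups()
        if installer in OFFICIAL_INSTALLERS:
            continue  # store-installed apps are outside the category described
        perms = granted_sms_permissions(dumpsys_by_package.get(name, ""))
        if perms:
            findings.append((name, installer, sorted(perms)))
    return findings
```

On the constructed data only `com.example.wallpapers` is flagged: the notes app came from the Play Store, and the flashlight app was sideloaded but has no granted SMS permission.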
How to defend yourself from scam apps
Microsoft also tells us what to do to avoid falling into unpleasant situations like this:
- The first rule is to not download applications except from the official stores: Google Play Store and Apple App Store.
- The second rule is to not grant apps permission to access SMS: this permission could be used in the last part of the scam just described.
- The third rule is to equip the Android smartphone with a good antivirus program, to protect the user and the phone.
- The fourth and last rule concerns the phone itself: if it no longer receives monthly security updates, it is better to replace it with a newer one.