Android Viruses Subscribe Users to Paid Services Without Their Knowledge

Android owners are threatened by a virus that secretly signs them up to paid subscriptions.

The malware works only by using the so-called WAP (Wireless Application Protocol) used by cellular networks. That is why some malicious programs disable Wi-Fi or just wait for the user to leave the Wi-Fi coverage area.

In the article, we will tell you all the details.

Read more about the types of malware here.

What happened?

A new Microsoft security report says Android users are being targeted by malware that signs up unsuspecting phone owners to receive expensive premium services that they have not applied for.

Android users are being targeted

The victim receives a bill at the end of the month, as the malware adds these costs to their monthly telecommunications bill. Since no one wants their phone turned off, these payments are usually made without confirmation, although the truth is that many victims don’t even bother checking their phone bills monthly.

How does the program work?

Since this attack uses the cellular network to do its dirty work, the malware can disconnect you from Wi-Fi or use other means to force you to connect to your cellular network.

After connecting to the cellular network, the malware starts the subscription process for premium services and even steals the one-time password (OTP) sent to confirm your identity. Any notification sent to show that you have subscribed to the service is suppressed to hide it from the victim so they will not cancel the subscription.

At the same time, the malware acts cautiously and only if the device is connected to the network of certain telecom operators. According to Microsoft experts, dynamic code loading is also used to carry out the attack.

The virus “wakes up” only when using the Wireless Application Protocol (WAP), that is when connected to a mobile network. If the device is connected to Wi-Fi, the malware will disable it or wait until the user is out of range of the wireless network.

How does the Android fraud work

Virus vs. worm: What’s the difference? Read more here.

Next, the virus, dynamically downloading the code in hidden mode, subscribes to a paid service, and if necessary intercepts and enters a one-time password on behalf of the user. Moreover, the malware hides all SMS notifications associated with the subscription so that the victim does not find out about the fraudulent transaction.

In fact, the malware is distributed outside of Google Play, since the official store prohibits applications from using dynamic code loading. Experts recommended avoiding installing programs from dubious sources — unofficial stores and unverified sites.


Recently, news about cybercrimes on smartphone owners has often appeared on the web. They usually concern applications and Trojans that charge the phone and copy all the data.

Fortunately, Utopia P2P has released a beta version of its messenger for Android. Now you need not be afraid that a virus will get to your phone or your data will fall into the wrong hands.

Learn more about Utopia P2P beta for mobile here.


Leave a Reply

Leave a comment

Your email address will not be published.