{"id":253324,"date":"2026-05-23T09:01:00","date_gmt":"2026-05-23T13:01:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/23\/new-android-malware-secretly-drains-cash-from-phone-bills\/"},"modified":"2026-05-23T09:35:11","modified_gmt":"2026-05-23T13:35:11","slug":"new-android-malware-secretly-drains-cash-from-phone-bills","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/23\/new-android-malware-secretly-drains-cash-from-phone-bills\/","title":{"rendered":"New Android malware secretly drains cash from phone bills"},"content":{"rendered":"<p><a href=\"https:\/\/geekspin.co\/new-android-malware-secretly-drains-cash-from-phone-bills\/\">New Android malware secretly drains cash from phone bills<\/a><\/p>\n<p><a href=\"https:\/\/geekspin.co\/new-android-malware-secretly-drains-cash-from-phone-bills\/\">https:\/\/geekspin.co\/new-android-malware-secretly-drains-cash-from-phone-bills\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-23 09:01:00<\/a><\/p>\n<p>Source Domain: <a href=\"geekspin.co\">geekspin.co<\/a><\/p>\n<p>A new wave of Android malware campaign is secretly signing users up for premium subscriptions \u2013 and charging it directly to their phone bills.<\/p>\n<p>According to security researchers, around 250 malicious Android apps have been part of a global fraud campaign running for nearly a year.<\/p>\n<p>Instead of obvious pop-ups or alerts, these apps quietly subscribe users to premium SMS services. The kind that charges small amounts repeatedly through a target\u2019s mobile carrier.<\/p>\n<p>No warnings or noticeable confirmation. Extra charges just show up later.<\/p>\n<h2><span id=\"These_apps_look_completely_normal\">These apps look completely normal<\/span><\/h2>\n<p>Instead of using shady-looking apps, the attackers copied familiar ones. The apps are disguised as popular brands people already trust, including Facebook Messenger, Instagram Threads, TikTok, Grand Theft Auto, and Minecraft.<\/p>\n<p>So from the outside, everything looks normal and an unsuspecting person can download it thinking it\u2019s legit.<\/p>\n<p>Even after installing one of such apps, it can take a while to be detected, as it only activates when it knows it can charge you. That is one of the more calculated parts of this attack. The malware checks your SIM card first. If your mobile network matches specific carriers, it activates. If not, it shows something harmless so it doesn\u2019t get flagged.<\/p>\n<h2><span id=\"How_it_actually_drains_money\">How it actually drains money<\/span><\/h2>\n<p>Once active, the malware runs everything in the background. It can turn off your Wi-Fi to force mobile data usage, open hidden web pages, and click subscription buttons automatically. It can also intercept verification codes and confirm subscriptions without you seeing anything.<\/p>\n<p>Even one-time passwords (OTPs) get captured automatically using built-in Android features. So from the system\u2019s perspective, everything looks legit. You \u201cconfirmed\u201d the subscription. Except you didn\u2019t.<\/p>\n<h2><span id=\"This_is_a_full_operation\">This is a full operation<\/span><\/h2>\n<p>Researchers say this campaign has been running for 10 months, with structured systems behind it. There are multiple malware variants doing different things. One fully automates&#8230;<\/p>\n<p><a href=\"https:\/\/geekspin.co\/new-android-malware-secretly-drains-cash-from-phone-bills\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>New Android malware secretly drains cash from phone bills https:\/\/geekspin.co\/new-android-malware-secretly-drains-cash-from-phone-bills\/ Publish Date: 2026-05-23 09:01:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":253326,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/geekspin.co\/wp-content\/uploads\/2026\/05\/tiktok-1024x683.jpeg","fifu_image_alt":"","footnotes":""},"categories":[46],"tags":[32,57],"class_list":["post-253324","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-android","tag-malware","tag-security"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/253324"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=253324"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/253324\/revisions"}],"predecessor-version":[{"id":253328,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/253324\/revisions\/253328"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/253326"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=253324"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=253324"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=253324"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}