Brian X. Chen on Android’s toll-fraud malware problem:
Here’s how toll fraud works: A person downloads a malicious app. The app invisibly sends a text message to a service that uses a middleman service that has a relationship with the malware author. A confirmation message is sent back to the malware, which blocks it from being seen by the customer and confirms the charge. The charge goes to the user’s bill, and the carrier takes its cut and gives the rest of the money to the service and the middleman, and thus the malware author.
In its report, Lookout estimates that from the beginning of 2012 to the end of 2013, 18 million Android users may encounter malware. About 72 percent of the malware that Lookout detected this year was toll fraud, and the company expects this number to grow, because even though the process is complex, the code isn’t difficult to replicate.
Open always wins.
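An added example, not part of the original post or Lookout's report: a static triage check for the flow Chen describes, where an app both sends SMS silently and is positioned to see the confirmation reply before the user does. It assumes the APK's manifest has already been decoded to plain XML and that, as on Android versions of that era, a high-priority `SMS_RECEIVED` receiver gets the incoming message ahead of the default messaging app; the sample manifest and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample manifest (already decoded to XML); not from any real app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".Confirm">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def toll_fraud_signals(manifest_xml):
    """Report which manifest traits of the send-then-hide pattern are present."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    top_priority = 0
    for flt in root.iter("intent-filter"):
        actions = {a.get(ANDROID + "name") for a in flt.iter("action")}
        if SMS_RECEIVED not in actions:
            continue
        try:
            prio = int(flt.get(ANDROID + "priority", "0"))
        except ValueError:  # malformed priority: treat as default
            prio = 0
        top_priority = max(top_priority, prio)
    return {
        "sends_sms": "android.permission.SEND_SMS" in perms,
        "receives_sms": "android.permission.RECEIVE_SMS" in perms,
        # Above-default priority means the app is asking to see SMS first.
        "priority_receiver": top_priority > 0,
    }

def is_suspicious(manifest_xml):
    # Flag only when all three traits coincide; each alone is common in benign apps.
    return all(toll_fraud_signals(manifest_xml).values())

if __name__ == "__main__":
    print(toll_fraud_signals(SAMPLE), is_suspicious(SAMPLE))
```

A hit is a reason to look closer at the app, not a verdict: legitimate SMS clients request the same permissions.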