There’s no two ways about it, malware is a major problem for Android users. You may be someone who’s never been subjected to it, you may have the know-how to detect and remove it — and that’s great — but millions of other users are affected by it every year. During 2012, one leading security firm reported more malware threats for Android than it did for Windows.

The biggest threat to Android users, according to mobile security firm Lookout, is “toll fraud” — malicious apps that are designed to quietly send premium rate text messages from your handset without your knowledge. Chances are you’ll know nothing about it until you receive your monthly bill — then you’ll have a small fortune to pay in charges.

If toll fraud is such a big problem, then, why isn’t your carrier doing anything about it? Can it not detect and block it?

Derek Halliday, a product manager at Lookout, explained to The New York Times that it’s actually very complex. To understand it, it’s best to take a look at the way a legitimate text message transaction works first.

Let’s say you want to buy a ringtone or wallpaper from one of those ridiculously overpriced text message services. When you send your message, your carrier delivers it to a middleman service, which then processes the transaction between your wireless provider and the company selling you the ringtone or wallpaper.

The ringtone company then asks for confirmation of your order. Once you’ve confirmed, you get your ringtone, your bill gets charged, your carrier takes a cut of the fee, and the rest is passed on to the ringtone company.

Now, here’s how it works when a malicious app takes your place. According to The Times, the malicious app sends a text message to the middleman, who’s connected to the app’s author. When the confirmation message comes back, the malicious app prevents you from seeing it, and it replies on your behalf.

Your bill gets charges, your carrier takes a cut of the fee, and the rest is passed onto the author of the malicious app. This doesn’t just happen once; it will continue to happen until the malware is removed from your device.

Again, this isn’t a little issue affecting a small number of users. Lookout says around 72% of the malware it has detected this year was toll fraud. From the beginning of 2012 to the end of 2013, Lookout expects more than 18 million Android users could be subjected to malware.

While the process of toll fraud is complex, the actual code isn’t difficult to replicate, Lookout says. And so it’s only expected to become an even bigger issue going forward.

With that being the case, the best way to protect yourself from this kind of attack is to ensure you have protection on your Android-powered smartphone. You’ll also want to keep an eye on your mobile phone bills for any mysterious fees.

• SourceThe New York Times