Android: virus steals data by masquerading as a package delivery service - Geeko
Cybereason cybersecurity researchers have highlighted the new FakeSpy malware phishing campaign. This virus, active since 2017, now masquerades as a delivery service to steal sensitive data from its victims.
The malware sends an SMS about a supposed parcel delivery, or one that pretends to come from a postal service, to lure victims into clicking the link in the message. The link leads to a fake postal or delivery service website that invites them to download a dedicated application. The app is fraudulent: it copies the look of the legitimate service's app to create an illusion. After downloading the app, the victim is redirected to the legitimate postal service site, to dispel any suspicion about the app.
Once the malicious app is installed, the malware can deploy and monitor the victim's every move. FakeSpy can then collect various information: personal data and contacts, but also identifiers and banking information. The virus can also read text messages and use certain applications without the victim's knowledge.
The malware uses the smartphone it has just infected to spread, sending fake SMS messages about a package delivery to the victim's contacts. "These attacks seem to correspond to what is called 'Spray and Pray'. They don't seem to be targeting a specific individual; cyber attackers seem to be trying their luck by casting a fairly large net, waiting for someone to take the bait," said Assaf Dahan, senior director and researcher on threats within Cybereason, to our colleagues at ZDNet.
FakeSpy has kept evolving and developing for three years. The work of a group of Chinese cybercriminals, the malware mainly targeted Japan and South Korea, but today it is deployed as much in Europe as in North America and Asia.
The only way to protect yourself against this type of phishing attack is to be wary of messages from unknown senders, especially those attributed to official institutions. It is advisable to go directly to the site of the institution or organization yourself rather than clicking the link in a suspicious text message. Finally, avoid downloading apps outside of official stores.