Security researchers have discovered a new type of malware posing as postal services in several countries.
According to information security firm Cybereason, a new campaign involving FakeSpy (an Android information-stealing tool that previously attacked victims in South Korea and Japan) is now targeting users in the US, UK, Germany, France, China, Taiwan, and Switzerland.
First discovered in 2017, FakeSpy can send malicious text messages, spy on sensitive data such as account details and contacts, leak bank and card details, and steal account data.
FakeSpy relies on a technique called SMS phishing, whereby hackers deliver malicious text messages that appear to be from legitimate organizations so that victims are prompted to click on a link.
Over the past few years, however, this malware has become more powerful, developed new capabilities, and now endangers users on a global scale.
"FakeSpy is very interesting because it has been out in the wild since 2017. Now its latest campaign shows that it has become more powerful!" Cybereason writes in its report. "Code improvements, new features, anti-emulation techniques, and a new global target audience all suggest that this malware is well maintained by its authors."
In its new campaign, FakeSpy victims receive messages claiming to be from their local postal service. However, the messages are fake and contain malicious links.
The text messages pose as legitimate postal services such as the U.S. Postal Service, Royal Mail (UK), Deutsche Post (Germany), La Poste (France), Japan Post (Tokyo), Yamato Transport (Japan), China Post (Taiwan), and Swiss Post (Switzerland).
When users click on a link in the text message, they are taken to a convincing page that looks like the postal provider's website. There, they are prompted to install the company's Android app, which is actually the FakeSpy APK.
Cybereason observed that each of the fake applications is built using WebView, which allows the developer to display a web page.
In this scenario, the malicious FakeSpy app redirects the user to the original post office carrier's web page. During this time, the icons and UI (user interface) of these applications look legitimate and can easily lead the user to believe they are the original application.
After the Android app is downloaded and granted various permissions on the device, its data-stealing functionality is immediately enabled.
The malware is capable of stealing contact lists, cell phone numbers, and device information, and also looks for banking and cryptocurrency apps installed on infected hardware.
Assaf Dahan, Cybereason's head of threat research, told Tom's Guide: "In the game of chess that is always played between hackers and businesses and hackers and consumers, consumers and individuals are the weakest links, so hackers prey on consumers and individuals. To minimize risk, users should apply critical thinking and be suspicious of SMS messages containing links. When clicking on links, they should check the authenticity of the web page and look for typos or incorrect website names."
In addition to that, one should not download or install apps offered through websites. Instead, go to the Google Play store and search for the app there. And as always, one of the best Android antivirus apps can help detect and defeat mobile malware.