Dubbed FakeSpy, the malware is sent in text messages. Once the virus has infected a smartphone, it leverages the handset to distribute itself even further. According to researchers, the cyber-criminal operation behind it is finding a huge amount of success.
FakeSpy malware has been in the wild since 2017. It was initially used to target smartphone owners in Japan and South Korea; however, it has expanded more recently to target Android users across the globe. Newly tailored attacks are being used in Asia, Europe, and North America.
The malware is designed to pilfer sensitive information from your smartphone.
It not only takes information from your SMS messages, but also financial information, apps and other account information stored on your handset. Even worse, FakeSpy can read contact lists – leaving it with truckloads of additional phone numbers to enable it to continue sending its malicious texts.
FakeSpy is the underlying malware that powers the scams, but the techniques used to trick people into running the nasty software vary between countries. After all, what works in North America might not work on those in Japan.
In the UK, a number of people have been tricked into triggering the malware with text messages designed to look like missed delivery messages from Royal Mail. The link in the message sends you a fake version of the Royal Mail app that infects your device with FakeSpy.
Meanwhile in the US, the text messages send users to a fake US Postal Service app.
Attempting to download these apps – and granting them the permissions requested – is what enables FakeSpy to trawl through contact information, text message history, financial information and more. According to researchers, since FakeSpy is considered to be under “active development” and “evolving rapidly”, its capabilities are likely to expand dramatically over the coming weeks. So, it’s possible things will get worse.
Head of Threat Research at Cybereason Assaf Dahan told ZDNet: “We are under the impression that this attack is what we often refer to as ‘spray and pray’. I don’t believe they are aimed at a particular individual, but instead the threat actors try their luck, casting a rather wide net, and waiting for someone to take a bite.
“We see new developments and features added to the code all the time, so my guess is that business is good for them.”
Despite the immensely powerful nature of this ever-evolving malware, Android users can avoid falling victim by exercising extreme caution with any unexpected text messages. If you have received a message claiming to be from a delivery service, bank, or other organisation asking you to click on a link, re-enter details, or download a piece of software – don’t do it. It’s likely to be an attack.
If you’re unsure, you can always find the customer service number for the organisation and check before launching any URLs texted to you.
“Users should apply critical thinking and be suspicious of SMS messages containing links. If they do click on a link, they need to check the authenticity of the webpage, look for typos or wrong website name, and most of all – avoid downloading apps from unofficial stores,” added Assaf Dahan. “In addition, having a mobile security solution can detect and remediate the threat.”
Published at Mon, 06 Jul 2020 05:31:00 +0000