A newly discovered Android malware uses an SMS phishing approach to steal user data, including bank details and personal information.
The new Android malware is called FakeSpy. Security experts report that the malware has been active since 2017. Despite its capabilities, the malware appears to target users from Japan and South Korea.
While most attacks target users in Asia, some strains of the malware have popped up in Europe. As of this writing, there are reports that the malware has already reached parts of Europe and North America.
Strains trace back to China
The latest FakeSpy campaign was described in full detail by cybersecurity experts from Cybereason. The firm claims that the attacks used by FakeSpy are eerily similar to those of Roaming Mantis. Many experts believe that the earliest form of the malware came from China.
Yup, someone pretending to be a bunch of post delivery service and delivering #Android #Malware #FakeSpy https://t.co/SHVqjlNJZ3 pic.twitter.com/GlxrtcAnKe
— smtnk (@s_metanka) June 23, 2020
What bothers many experts is the fact that the FakeSpy Android malware is still in early development. Experts are still unable to predict the exact capabilities of the malware. Moreover, experts believe that the malware still has the capacity to evolve and become more destructive.
In general, the malware is designed to steal user information. However, the malware’s tactics are relatively simple yet very complicated to implement. The malware takes advantage of various SMS loopholes to steal user data.
Once this Android malware propagates into the system, it is capable of stealing sensitive information. This includes financial information, account details, and application data.
SMS compromised
Many systems use SMS as a form of added security to secure user data. SMS is widely used as two-factor authentication since system designers agree that it is virtually immune to hacking. The latest FakeSpy Android malware dismantles this very notion that SMS is impenetrable.
Despite its complexity, FakeSpy still relies on social engineering to deliver its payload. The malware targets users by sending a text message directing them to a fake website. The website masquerades as a legitimate one when, in fact, it harvests user data.
The FakeSpy malware specifically mimics postal services. Among the confirmed cases are Germany’s Deutsche Post, France’s La Poste, Japan Post, and Swiss Post. Most of these targets rely heavily on postal services for information dissemination.
According to security experts, almost all FakeSpy applications are built using WebView to make them look legitimate. Once the application is downloaded, it will deliver its Android malware payload to the unsuspecting user. Experts suggest that uninstalling these apps is still the best way to avoid compromise.
Image courtesy of Nadir Keklik/Shutterstock