Attention Android users: fake stores spread malicious apps

Android users should take note: researchers at the European IT security vendor ESET have discovered and analyzed a cybercrime campaign that is still ongoing. The attackers try to trick unsuspecting online shoppers into downloading a malicious app. Once the app is on the smartphone, the attackers steal banking information using fake websites that pose as legitimate services. These sites use domain names similar to those of the services they imitate. The security researchers have now published their analysis on WeLiveSecurity.

“To make already convenient online shopping even more convenient, people are increasingly using their smartphones to shop. These purchases now make up the majority of online shopping orders, most of them through vendor-specific apps,” says ESET researcher Lukáš Štefanko, who analyzed the malicious apps. “The campaign is only targeting Malaysia right now, but it could later spread to other countries and banks. Currently, attackers only target bank details. In the future, however, there could also be credit card information theft.”

This campaign was first reported in late 2021, with the attackers posing as a reputable cleaning service. The campaign was distributed via Facebook ads and tricked potential victims into downloading Android malware from a malicious website. In January 2022, MalwareHunterTeam identified three more malicious websites and Android Trojans attributed to this campaign. Recently, ESET researchers found four more fake websites. All seven sites posed as services only available in Malaysia. ESET researchers found the same malware in all three malicious applications examined.

The fake websites do not offer a way to buy directly from them. Instead, they contain buttons that claim to download apps from Google Play. However, clicking on these buttons does not lead to the Google Play Store but to servers controlled by the criminals. For this attack to succeed, victims must enable the “Unknown Sources” option on their devices, which is not enabled by default. When completing a purchase in the app, victims are offered payment options: they can pay by credit card or by transferring the required amount from their bank account. At the time of this investigation, it was not possible to select the credit card payment option.
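A check that a site reviewer or crawler could run against such a page, shown here as an added example that is not taken from ESET's analysis: it finds links presented as Google Play buttons and flags any whose target is not `https://play.google.com`. The sample HTML and its `.invalid` domains are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

PLAY_HOSTS = {"play.google.com"}  # official Google Play web host

def classify(href):
    """Judge the target of a link that is labelled as a Google Play button."""
    url = urlparse(href)
    if url.scheme == "https" and url.hostname in PLAY_HOSTS:
        return "ok"
    if url.path.lower().endswith(".apk"):
        return "direct-apk-download"   # sideloaded package, not a store listing
    return "not-google-play"           # includes lookalike hosts and plain http

class StoreButtonAuditor(HTMLParser):
    """Collects every <a> whose text or image alt text mentions Google Play."""
    def __init__(self):
        super().__init__()
        self.findings = []   # (href, verdict) per Play-branded link
        self._href = None    # href of the <a> currently open, if any
        self._label = []     # visible text and alt text seen inside it

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._href, self._label = attrs.get("href") or "", []
        elif tag == "img" and self._href is not None:
            self._label.append(attrs.get("alt") or "")

    def handle_data(self, data):
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            if "google play" in " ".join(self._label).lower():
                self.findings.append((self._href, classify(self._href)))
            self._href = None

def audit(html):
    auditor = StoreButtonAuditor()
    auditor.feed(html)
    return auditor.findings

# Constructed sample page: one genuine store link, two that are not.
SAMPLE = """
<a href="https://play.google.com/store/apps/details?id=com.example.shop">Get it on Google Play</a>
<a href="https://shop-example.invalid/files/shop.apk"><img src="b.png" alt="Get it on Google Play"></a>
<a href="https://play.google.com.shop-example.invalid/store/apps">GET IT ON GOOGLE PLAY</a>
<a href="/about">About us</a>
"""
```

The third sample link shows why the comparison is on the exact hostname: a lookalike host that merely begins with `play.google.com` is still reported.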

Two-factor authentication is partially bypassed

After selecting the direct bank transfer option, victims are presented with a fake payment page that asks them to select their bank from the eight Malaysian banks on offer and then enter their credentials. After entering their banking information, victims receive an error message informing them that the provided user ID or password is invalid. At this point, the entered credentials have already been sent to the malware operators. To ensure that the criminals can break into their victims’ bank accounts, the fake store apps also forward all SMS messages the victim receives to the operators, in case these include codes sent by the bank for two-factor authentication (2FA).

Tips to protect yourself when shopping online

– Check if the website is secure, that is, if its URL starts with https://. Some browsers even refuse to open websites that are not protected by HTTPS, explicitly warning users or offering an option to enable HTTPS mode.

– Be careful when clicking on ads and paid search engine results.

– Pay attention to the source of the apps you download. Make sure you are actually redirected to the Google Play Store. Apps should always be downloaded only from trusted sources.

– Two-factor authentication is generally a recommended protection feature. If possible, avoid SMS for verification and use special authentication apps or hardware.

– Also install a mobile security solution on smartphones and tablets. The application must offer comprehensive protection against all types of cyber attacks. We recommend apps that also offer phishing protection and contain an anti-theft feature in case of loss.

The article is available on WeLiveSecurity at “Fake e-shops use Android malware to search for bank details”.

Source: pte
