Attention Android users: fake stores spread malicious apps

Attention Android users: Fake stores distribute malicious apps – ESET researchers have identified three malicious apps

Dow Jones has received payment from Pressetext for the distribution of this news release through its network.

Jena (pts019/04/06/2022/12:55) – Experts from the European IT security vendor ESET have discovered and analyzed a cybercrime campaign that is still ongoing. Unsuspecting online shoppers are to be tricked into downloading a malicious app. Once these apps are on the smartphone, hackers steal banking information using fake websites that pose as legitimate services. These sites use domain names similar to those of the services they impersonate. The security researchers have now published their analysis on WeLiveSecurity.

“To make already convenient online shopping even more convenient, people are increasingly using their smartphones to shop. These purchases now make up the majority of online shopping orders, most of them through specific apps from the vendor,” says ESET researcher Lukáš Štefanko, who analyzed the malicious apps. “The campaign is only targeting Malaysia at the moment, but could later expand to other countries and banks. Currently, the attackers are only targeting bank details. In the future, credit card information theft could also be added.”

The cybercrime campaign continues

This campaign was first reported in late 2021, with the attackers posing as a reputable cleaning service. It was distributed via Facebook ads and tricked potential victims into downloading Android malware from a malicious website. In January 2022, MalwareHunterTeam identified three more malicious websites and Android Trojans attributed to this campaign. Recently, ESET researchers found four more fake websites. All seven sites posed as services only available in Malaysia. ESET researchers found the same malware in all three malicious applications examined.

The fake websites do not offer a way to buy directly from them. Instead, they contain buttons that claim to download apps from Google Play. However, clicking on these buttons does not lead to the Google Play Store but to servers controlled by the criminals. For this attack to be successful, victims must enable the “Unknown Sources” option on their devices, which is not enabled by default. When completing the purchase in the app, victims are offered payment options: they can pay by credit card or by transferring the required amount from their bank account. At the time of this investigation, it was not possible to select the credit card payment option.
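The button behaviour described above can be checked mechanically. The following is an added example, not code from ESET or from the original release: it scans a page for links labelled as Google Play and flags those that do not point to the official store over HTTPS. The function names, the sample HTML and the `.test` domain are constructed for illustration, and treating `play.google.com` as the only legitimate host is an assumption of the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for this example: a genuine store badge links only to this host.
OFFICIAL_HOSTS = {"play.google.com"}

class StoreLinkCollector(HTMLParser):
    """Collect (href, visible label) for every <a>, including <img alt> text."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._label = [], None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._href, self._label = attrs.get("href") or "", []
        elif tag == "img" and self._href is not None:
            self._label.append(attrs.get("alt") or "")

    def handle_data(self, data):
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._label)))
            self._href = None

def suspicious_store_links(html):
    """Return hrefs labelled as Google Play that are not the official host over HTTPS."""
    collector = StoreLinkCollector()
    collector.feed(html)
    collector.close()
    flagged = []
    for href, label in collector.links:
        if "google play" not in label.lower():
            continue  # not presented to the user as a store link
        url = urlsplit(href)
        # Exact host match: a lookalike such as play.google.com.<other domain> fails.
        if url.scheme != "https" or url.hostname not in OFFICIAL_HOSTS:
            flagged.append(href)
    return flagged

# Constructed sample page; the .test domain is a placeholder, not from the campaign.
SAMPLE = """
<a href="https://play.google.com/store/apps/details?id=com.example.shop">Get it on Google Play</a>
<a href="https://play.google.com.shop-example.test/shop.apk"><img src="b.png" alt="Get it on Google Play"></a>
<a href="/download/shop.apk">Download from Google Play</a>
<a href="https://shop-example.test/about">About us</a>
"""
```

Calling `suspicious_store_links(SAMPLE)` returns the lookalike-domain link and the relative APK link, while the genuine store link and the unrelated "About us" link pass.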

Two-factor authentication is partially bypassed

After selecting the direct bank transfer option, victims are presented with a fake payment page that asks them to select their bank from the eight Malaysian banks on offer and then enter their credentials. After entering their banking information, victims receive an error message informing them that the provided user ID or password is invalid. At this point, the entered credentials have already been sent to the malware operators. To ensure that the criminals can break into their victims’ bank accounts, the fake store apps also forward all SMS messages the victim receives to the operators, in case they contain two-factor authentication (2FA) codes sent by the bank.

The article is available on WeLiveSecurity:

Tips to protect yourself when shopping online

– Check if the website is secure, that is, if its URL starts with https://. Some browsers even refuse to open websites that are not protected by HTTPS, explicitly warning users or offering an option to enable HTTPS mode.

– Be careful when clicking on ads and paid search engine results.

– Pay attention to the source of the apps you download. Make sure you are actually redirected to the Google Play Store. Apps should always be downloaded only from trusted sources.

– Two-factor authentication is generally a recommended protection feature. If possible, avoid SMS for verification and use special authentication apps or hardware.

– Also install a mobile security solution on smartphones and tablets. The application should offer comprehensive protection against all types of cyber attacks. We recommend apps that also offer phishing protection and contain an anti-theft feature in case of loss.


Sender: ESET Deutschland GmbH
Contact person: Christian Lueg
Tel.: +49 3641 3114 269


(END) Dow Jones Newswires

April 06, 2022 06:56 ET (10:56 GMT)

