A strong form Android malware returned and spread through SMS Phishing attacks. Malware can steal bank data, personal information, private communications And much more. It is called FakeSpy and has been active since 2017. Originally targeted users in Japan and South Korea, but is now targeting users Android worldwide. Depending on the purpose, the necessary changes are made to deceive users across Asia, Europe and North America.
FakeSpy is constantly evolving and "evolving fast". A new version of malware is released every week, with new features and avoidance techniques.
Android malware works as stealer information. It steals SMS, financial information, application data and accounts, while also reads contact lists And much more.
The recent campaign targets users in China, Taiwan, France, Switzerland, Germany, United Kingdom, USA and other countries. Android malware tries to install on the victim's device via a phishing SMS claiming to be related to a lost package from a local postal service or delivery service.
There is one in phishing SMS link which directs them users in a fake website. There they are instructed to download an app that looks like it's from the local post office. For example, UK users are required to download a specially designed fake version of the Royal Mail app. The US Postal Service app is downloaded in America, the Deutsche Post in Germany, La Poste in France, the Japan Post in Japan, the Swiss Post in Switzerland and the Chughwa Post in Taiwan. Basically, by downloading these apps, users download Android malware.
The fake ones applications they look a lot like the real ones. After downloading the application - which requires the user to enable it installation from unknown sources - the fake page will redirect users to the legitimate website so that they do not suspect anything.
Android malware also requests many permits, which does not seem very strange because it is common in legal applications.
Once installed, FakeSpy can monitors the device to steal various information: name, phone number, contacts, bank details, cryptocurrency details. It also monitors messages and applications.
Android malware takes advantage of device infection to spread, sending the same phishing SMS to all the victim's contacts.
Researchers argue that the attacks are not targeted. The hackers try to target as many users as possible to steal personal and especially banking data.
FakeSpy has been active for the last three years and continues to be threatening for Android users as it evolves and changes.
However, users can avoid falling victim to Android malware, if they are extremely careful with unexpected SMS messages, especially if they claim to be from organizations and ask the user to open links and archives. Finally, one mobile protection program, can also help identify the threat.