A new Android malware is spreading and has already targeted hundreds of thousands of people. It impersonates the Google Chrome app and uses smishing attacks to steal credentials. In addition, the campaign uses a mix of techniques to evade mobile security solutions.

What has happened?

According to researchers, the campaign was first spotted at the beginning of May in multiple European countries. Considering its rate of propagation, it is expected to have spread to other countries.
  • The attack starts with a smishing gambit in which targets receive an SMS text urging them to pay customs fees to release a package delivery. Upon clicking, a message asks them to update the Chrome app.
  • Unsuspecting users are redirected to a malicious website, from where the malicious app, pretending to be an update, gets downloaded to their phones.
  • Subsequently, victims are taken to a phishing page asking them to pay a small amount of $1 or $2, which is just an attempt to collect the victim's credit card details.

The fake app

The fake Chrome app, which is used for propagation, can send 2,000 SMS messages per week from infected devices.
  • The messages are sent out on a daily basis during a certain two- or three-hour time period.
  • The recipient phone numbers are not from the victims’ phone books; however, they follow a sequential pattern.
  • Meanwhile, the malware stays hidden on infected devices by using the official Chrome app name and icon.
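
A defender-side heuristic for the sending pattern described above, as an added example that is not from the original article or the researchers: it flags senders whose outbound SMS on one day go to consecutive recipient numbers within a short window. The record layout, the reading of "sequential" as consecutive integers, the thresholds `min_run` and `max_window_hours`, and all sample data are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of outbound SMS records: (sender id, ISO timestamp, recipient).
# The layout is an assumption; adapt the parsing to your own SMS telemetry.
SAMPLE = [  # device-A: 8 consecutive recipients inside 35 minutes
    ("device-A", f"2024-01-15T14:{5 * i:02d}:00", f"+1202555{100 + i:04d}")
    for i in range(8)
]
SAMPLE += [  # device-B: ordinary traffic, scattered recipients and times
    ("device-B", "2024-01-15T09:12:00", "+12025550143"),
    ("device-B", "2024-01-15T13:40:00", "+12025550171"),
    ("device-B", "2024-01-15T20:05:00", "+12025550102"),
]
SAMPLE += [  # device-C: consecutive recipients, but spread over 12 hours
    ("device-C", f"2024-01-15T{8 + 3 * i:02d}:00:00", f"+1202555{150 + i:04d}")
    for i in range(5)
]


def longest_sequential_run(numbers):
    """Length of the longest run of consecutive integers among recipient numbers."""
    values = sorted({int(n.lstrip("+")) for n in numbers})
    best = run = 1 if values else 0
    for prev, cur in zip(values, values[1:]):
        run = run + 1 if cur - prev == 1 else 1
        best = max(best, run)
    return best


def flag_senders(records, min_run=5, max_window_hours=3):
    """Map each suspicious sender to a list of (day, run length, window in hours)."""
    by_sender_day = defaultdict(list)
    for sender, ts, recipient in records:
        t = datetime.fromisoformat(ts)
        by_sender_day[(sender, t.date())].append((t, recipient))
    flagged = {}
    for (sender, day), msgs in by_sender_day.items():
        times = [t for t, _ in msgs]
        span_h = (max(times) - min(times)).total_seconds() / 3600
        run = longest_sequential_run(r for _, r in msgs)
        # Both traits from the article must hold: sequential recipients, short daily window.
        if run >= min_run and span_h <= max_window_hours:
            flagged.setdefault(sender, []).append((day.isoformat(), run, round(span_h, 2)))
    return flagged


if __name__ == "__main__":
    print(flag_senders(SAMPLE))
```
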

Closing lines

A combination of efficient phishing techniques, malware propagation techniques, and several evasion techniques makes this campaign capable of spreading faster without getting detected. Thus, users are advised to use mobile security solutions with massive datasets of mobile threat telemetry.

Cyware Publisher
