FakeSpy Android Malware Spread Via ‘Postal-Service’ Apps

Android mobile device users are being targeted in a new SMS (text message) phishing campaign that’s spreading the FakeSpy infostealer. The malware, which is disguised as legitimate global postal-service apps, steals SMS messages, financial data and more from the victims’ devices. You can read the entire article at the link below.
KEY TAKEAWAYS FROM THE ARTICLE:
The attacker uses text messages as the initial infection vector, prompting Android recipients to click on a malicious link, a practice known as SMS phishing or “smishing.” One example of a message used in the latest FakeSpy campaign is an alert that appears to come from the postal service local to the victim’s region, informing them that the service tried to send a package but the receiver was not at home. Then, “the link directs them to a malicious web page, which prompts them to download an Android application package (APK),” according to a report on the campaign by a mobile analyst with Cybereason. That APK downloads an app that appears to be from the local region’s legitimate postal service, such as the United States Postal Service (USPS), but actually executes FakeSpy, an infostealer that requests permissions to take over SMS messages and steal sensitive data on devices. The malware, which has been a threat since 2017, can also access and use a target device’s contact list to infect other devices.
Once FakeSpy is on the device, it steals all contacts in the device’s contact list and their information, as well as the infected device’s data. That includes the mobile number, the device model, the OS version, and banking and cryptocurrency app information. It also asks to be the device’s default SMS app so the malware can spread to other devices.
“Android devices are a prime target due to the number of people who own them and the operating system is open-source code, which allows cyber criminals to discover exploits for their malware attacks,”
To avoid being duped by the new FakeSpy campaign, it is recommended that users ignore text messages from unknown users and verify any messages about deliveries or other postal services through trusted links to local delivery carriers before clicking on a link sent via text.
threatpost.com/fakespy-android-malware-spread-via-postal-service-apps/157102/
