Android users should take note: researchers at European IT security vendor ESET have discovered and analyzed a cybercrime campaign that is still ongoing. People shopping online are tricked into downloading a malicious app. Once these applications are on the smartphone, the attackers steal banking information by using fake websites that pose as legitimate services. These sites use the same domain names as the services they claim to be. Security researchers have now published their analysis on WeLiveSecurity.
“To make the already convenient online shopping more convenient, people are increasingly using their smartphones for shopping. These purchases now make up the majority of online shopping orders – most of them through vendor-specific applications,” says ESET researcher Lukas Stefanko. “The campaign is only targeting Malaysia at the moment, but may later expand to other countries and banks. Attackers are currently targeting only bank data. However, credit card information theft may also occur in the future.”
The operation was first reported in late 2021, with attackers posing as a reputable cleaning service. The campaign was distributed through Facebook ads and tricked potential victims into downloading Android malware from a malicious website. In January 2022, MalwareHunterTeam identified three more malicious websites and attributed the campaign to Android Trojans. Recently, ESET researchers discovered four more fake websites. All seven sites posed as services available only in Malaysia. ESET researchers found the same malware in all three malicious apps they tested.
The fake websites do not offer a way to buy directly from them. Instead, they contain buttons that pretend to download apps from Google Play. Clicking these buttons, however, does not take users to the Google Play Store but to servers controlled by the criminals. For this attack to succeed, victims need to have the “Unknown origin” or “Unknown sources” option turned on for their devices, which is not enabled by default. Upon completing the purchase, victims are given payment options: they can either pay by credit card or transfer the required amount from their bank account. At the time this research was done, it was not possible to select the credit card payment option.
Two-factor authentication is partially bypassed
After selecting the direct bank transfer option, victims are presented with a fake payment page asking them to choose their bank from among the eight Malaysian banks offered and then enter their credentials. After entering their banking information, victims receive an error message informing them that the user ID or password provided is invalid. At this point, the entered credentials have already been sent to the malware operators. To ensure that the criminals can break into their victims’ bank accounts, the fake shop applications also forward all SMS messages that the victim receives, in case they include a two-factor authentication (2FA) code sent by the bank.
Tips to protect yourself when shopping online
– Check whether the website is secure, that is, whether its URL starts with https://. Some browsers also refuse to open websites that are not secured with HTTPS, explicitly warn users, or provide an option to enable an HTTPS mode.
– Be careful when clicking on ads and paid search engine results.
– Pay attention to the source of the application you download. Make sure you are actually being redirected to the Google Play Store. Apps should always be downloaded from trusted sources.
– Two-factor authentication is generally a recommended protective measure. If possible, avoid SMS and use a dedicated authentication app or a hardware device for verification.
– Also install mobile security solutions on smartphones and tablets. The app should provide comprehensive protection against all kinds of cyber attacks. We recommend applications that provide protection against phishing and have an anti-theft function in case of loss.
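The tip about making sure a download button really leads to the Google Play Store can also be checked mechanically on a saved copy of a shop page. The following Python code is an added example, not part of the original article or of ESET's research; the function name, the sample markup and the .example hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

PLAY_HOSTS = {"play.google.com"}  # official Play Store web host
class _LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None  # finished (href, label) pairs; link being read

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._open = [a.get("href") or "", ""]
        elif tag == "img" and self._open is not None:
            # A badge image inside the link: its alt text is the visible label.
            self._open[1] += " " + (a.get("alt") or "")

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += " " + data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(tuple(self._open))
            self._open = None

def suspicious_play_links(html, page_url):
    """Return (url, reason) for links labelled Google Play that lead elsewhere."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, label in parser.links:
        if "google play" not in " ".join(label.lower().split()):
            continue  # link does not present itself as a Play Store button
        url = urlparse(urljoin(page_url, href))
        if url.path.lower().endswith(".apk"):
            findings.append((url.geturl(), "direct APK download"))
        elif url.scheme != "https" or url.hostname not in PLAY_HOSTS:
            findings.append((url.geturl(), "not https://play.google.com"))
    return findings

# Constructed sample page; shop.example and downloads.example are placeholders.
SAMPLE = """
<a href="https://play.google.com/store/apps/details?id=com.example.shop">Get it on Google Play</a>
<a href="/files/shop.apk"><img src="badge.png" alt="Get it on Google Play"></a>
<a href="https://downloads.example/get?app=shop">Google   Play</a>
<a href="/about">About us</a>
"""
if __name__ == "__main__":
    print(suspicious_play_links(SAMPLE, "https://shop.example/"))
```

Only the second and third links of the sample are reported: the first points to the real Play Store, and the last is not labelled as a Play Store button.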
The article is available on WeLiveSecurity under “Fake e-shops look for bank details with Android malware”.