Cybercriminals Deploy 100K+ Malware Android Apps to Steal OTP Codes
Summary:
A new malicious campaign has been observed utilizing Android apps to steal users' SMS messages since at least February 2022 as part of a large-scale operation. These malicious apps, numbering over 107,000 unique samples, are designed to intercept one-time passwords (OTPs) used for online account verification, leading to identity fraud.
"Of those 107,000 malware samples, over 99,000 were previously unknown and unavailable in common repositories," reported mobile security firm Zimperium in a report shared with The Hacker News. "This malware monitored OTP messages across over 600 global brands, some of which have user bases in the hundreds of millions." Victims of this campaign have been identified in 113 countries, with India and Russia at the top of the list, followed by Brazil, Mexico, the United States, Ukraine, Spain, and Turkey.
The attack starts with a victim being tricked into installing a malicious app through deceptive ads mimicking Google Play Store listings or through any of the 2,600 Telegram bots masquerading as legitimate services, such as Microsoft Word. Once installed, the app requests permission to access incoming SMS messages and connects to one of the 13 command-and-control (C2) servers to transmit the stolen messages. The malware stays hidden and continuously monitors new incoming SMS messages; its primary target is the OTPs used for online account verification.
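Because every sample in this campaign has to hold the SMS permission to see incoming OTPs, the most direct check on a device is to list which non-system apps request or hold that permission. The script below is an added example, not code from The Hacker News article or from Zimperium: it parses `adb shell dumpsys package` output and flags third-party packages that request RECEIVE_SMS, READ_SMS or RECEIVE_MMS, separating those that already hold the permission from those that merely request it. The embedded dumpsys text is constructed for the example and the package names in it are hypothetical.

```python
import re
import sys
from dataclasses import dataclass, field

# Android permissions that let an app see incoming SMS (and therefore OTPs).
SMS_PERMISSIONS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_MMS",
}

# Constructed, abbreviated `dumpsys package` output; package names are hypothetical.
SAMPLE_DUMPSYS = """Packages:
  Package [com.android.messaging] (3f1a2b):
    userId=10050
    pkgFlags=[ SYSTEM HAS_CODE ALLOW_BACKUP ]
    requested permissions:
      android.permission.RECEIVE_SMS
      android.permission.READ_SMS
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]
        android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
  Package [com.example.docviewer] (9c8d7e):
    userId=10123
    pkgFlags=[ HAS_CODE ALLOW_BACKUP ]
    requested permissions:
      android.permission.INTERNET
      android.permission.RECEIVE_SMS
      android.permission.READ_SMS
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]
        android.permission.READ_SMS: granted=false, flags=[ USER_SET ]
  Package [com.example.flashlight] (1b2c3d):
    userId=10124
    pkgFlags=[ HAS_CODE ]
    requested permissions:
      android.permission.INTERNET
      android.permission.RECEIVE_SMS
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.RECEIVE_SMS: granted=false, flags=[ USER_SET ]
"""

@dataclass
class PackageInfo:
    name: str
    is_system: bool = False
    requested: set = field(default_factory=set)  # declared in the manifest
    granted: set = field(default_factory=set)    # actually held on the device

# Line shapes we care about in `dumpsys package` output.
_PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
_FLAGS_RE = re.compile(r"^\s*(?:pkgFlags|flags)=\[(.*?)\]")
_PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+)(?::\s*granted=(true|false))?")

def parse_dumpsys(text: str) -> dict:
    """Parse per-package sections of `adb shell dumpsys package` into PackageInfo records."""
    packages = {}
    current = None
    for line in text.splitlines():
        m = _PKG_RE.match(line)
        if m:
            current = PackageInfo(name=m.group(1))
            packages[current.name] = current
            continue
        if current is None:
            continue
        m = _FLAGS_RE.match(line)
        if m:
            if "SYSTEM" in m.group(1).split():
                current.is_system = True
            continue
        m = _PERM_RE.match(line)
        if m:
            perm, granted = m.group(1), m.group(2)
            current.requested.add(perm)        # bare lines and granted=false count as requested
            if granted == "true":
                current.granted.add(perm)      # install-time or runtime grant
    return packages

def triage(text: str) -> dict:
    """Non-system packages that request any SMS permission, split into held vs. requested only."""
    hits = {}
    for pkg in parse_dumpsys(text).values():
        wanted = pkg.requested & SMS_PERMISSIONS
        if pkg.is_system or not wanted:
            continue
        held = pkg.granted & SMS_PERMISSIONS
        hits[pkg.name] = {"granted": sorted(held), "requested_only": sorted(wanted - held)}
    return hits

if __name__ == "__main__":
    # Real use:  adb shell dumpsys package | python3 sms_perm_triage.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DUMPSYS
    for name, info in triage(text).items():
        print(f"{name}: holds={info['granted']} requests={info['requested_only']}")
```

Run against the sample, the system messaging app is skipped and the two third-party packages are reported: the document viewer already holds RECEIVE_SMS, the flashlight only requests it. Treat the output as a review list rather than a kill list, since a legitimate third-party SMS client will also appear; the point is that a document viewer or flashlight has no business holding this permission. On Android versions before runtime permissions, SMS access is granted at install time and shows up under "install permissions", which the parser handles the same way.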
Security Officer Comments:
It is currently unclear who is behind the operation, although the threat actors have been observed accepting various payment methods, including cryptocurrency, to fund a service called Fast SMS. This service allows customers to purchase access to virtual phone numbers. It is likely that the phone numbers associated with infected devices are being used without the owners' knowledge to register for various online accounts by harvesting the OTPs required for two-factor authentication (2FA).
Suggested Corrections:
Keep your software updated. Only 20 percent of Android devices are running the newest version and only 2.3 percent are on the latest release. Everything from your operating system to your social network apps is a potential gateway for attackers to compromise your mobile device. Keeping software up to date gives the best protection against most mobile security threats.
Choose mobile security. Just like computers, your mobile devices also need internet security. Make sure to select mobile security software from a trusted provider and keep it up to date.
Install a firewall. Most mobile phones do not come with any kind of firewall protection. Installing a firewall provides you with much stronger protection against digital threats and allows you to safeguard your online privacy.
Always use a passcode on your phone. Remember that loss or physical theft of your mobile device can also compromise your information.
Review SMS permissions. The apps in this campaign can only steal OTPs because the user grants them access to incoming SMS; check which apps hold SMS permissions in the Android settings and revoke it from anything that is not your messaging app.
Download apps from official app stores. Both the Google Play and Apple App stores vet the apps they sell; third-party app stores don't always. Installing from well-known app stores does not guarantee you never get a bad app, but it does reduce your risk.
Always read the end-user agreement. Before installing an app, read the fine print. Grayware purveyors rely on your not reading their terms of service and allowing their malicious software onto your device.
Link(s):
https://thehackernews.com/2024/07/cybercriminals-deploy-100k-malware.html
https://www.zimperium.com/blog/unma...geting-several-countries-with-deceptive-apps/