Hackers use fake online store apps to steal users’ banking credentials
A campaign launched late last year targeting eight different Malaysian banks still targets its customers with three malicious Android apps.
Posing as innocuous shopping apps, the threat actors in this campaign tricked users into installing the malicious apps. To lure people into downloading them, some of the distribution websites imitate the legitimate service's site closely, in some cases copying it outright.
Security experts from the Slovak cybersecurity company ESET declared:-
“In these attacks or campaigns, malicious websites were created by the attackers to trick users into downloading the malicious apps by appearing as legitimate, but fraudulent websites.”
In addition to stealing credentials, the apps allow attackers to forward all of the victim’s SMS messages that include 2FA codes sent by their banks to malware operators.
Targeted banks and websites
In total, the threat actors targeted eight Malaysian banks, including:-
- Affin Bank
- Public Bank Berhad
- CIMB Bank
- Bank Islam Malaysia
- Hong Leong Bank
Here the hackers copied the websites of cleaning services and a pet store:-
- Maria’s cleaning
- Your housekeeper
Campaign and objective
In this latest campaign, all of the websites use domain names similar to those of the services they claim to represent.
Alongside ESET's security analysts, MalwareHunterTeam said:-
“Facebook ads are also used by the attackers to spread the fake websites they have created. As a result, it has also been discovered that there are three other malicious websites and Android Trojans associated with the campaign.”
The attack succeeds only if the potential victim enables the non-default “Install unknown apps” option on their device. Making matters worse, five of the abused services don't even have a Google Play app.
Once the application is launched, the user is prompted to log in. They can then place fake orders and are offered various payment options to complete the purchase from their bank accounts.
Such campaigns are primarily designed to harvest users' banking credentials and exfiltrate them to an attacker-controlled server. While doing so, the app shows an error message claiming that the user ID or password entered is invalid.
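The SMS-forwarding capability described above leaves a footprint in an app's manifest: SMS permissions, network access and a receiver for incoming SMS. The following triage heuristic is an added example for defenders, not code from the article or from ESET; the manifest it parses is constructed for illustration and the package name is a placeholder.

```python
# Added example (not from the page or ESET): flag Android manifests that
# declare the ingredients needed to relay incoming SMS (2FA codes) to a server.
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A_NAME = f"{{{ANDROID_NS}}}name"  # ElementTree key for android:name

SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"


def assess_manifest(manifest_xml: str) -> dict:
    """Return which SMS-relay indicators a decoded AndroidManifest.xml declares.

    A shopping app has no reason to read incoming SMS. An app that requests
    SMS permissions, has network access and registers a receiver for
    SMS_RECEIVED has everything it needs to forward OTP codes off-device.
    """
    root = ET.fromstring(manifest_xml)
    perms = {p.get(A_NAME) for p in root.iter("uses-permission")}
    sms_receiver = any(
        a.get(A_NAME) == SMS_ACTION
        for r in root.iter("receiver")
        for a in r.iter("action")
    )
    indicators = {
        "sms_permission": bool(perms & SMS_PERMS),
        "internet_permission": "android.permission.INTERNET" in perms,
        "sms_receiver": sms_receiver,
    }
    # Only the combination of all three is treated as a relay capability.
    indicators["suspect_sms_relay"] = all(indicators.values())
    return indicators


# Constructed sample manifest (hypothetical package name, not a real sample).
FAKE_SHOP_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeshop">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".SmsRelay" android:exported="true">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(assess_manifest(FAKE_SHOP_MANIFEST))
```

Run it against a manifest decoded from an APK (e.g. with apktool) to get a quick verdict before deeper analysis.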
Additionally, ESET Malware Researcher Lukáš Štefanko said:-
“Although the campaign is exclusively targeting Malaysia for now, it may expand to other countries and banks later. […] allow the theft of credit card information in the future.”
Below we have mentioned all the recommended mitigations:-
- Always check whether the website is secure or not.
- Don’t follow paid search engine results.
- Be wary of clicking on suspicious advertisements.
- Do not download any apps from unknown sources.
- Wherever possible, use a software or hardware 2FA mechanism.
- Always use a robust mobile security solution.