Recently, an Android-based phishing effort targeting consumers of Japanese telecommunication providers was uncovered by Cyble Research Labs.
“According to our research, the Threat Actor(s) (TA) behind this campaign has hosted multiple domains and spreads a fake version of the official Telecommunication network’s Android application. Upon analyzing the sample, we determined that the malware conducts phishing activities to steal credentials and session cookies. It then proceeds to upload this information to the TA’s email through Simple Mail Transfer Protocol (SMTP),” Cyble Research Labs wrote.
According to the study, attackers used numerous domains to disseminate a fake Android application from a telecommunications company. These were the observations:
- Researchers uncovered over 2,900 credentials/cookies for 797 Android and 2,141 Apple mobile devices during this effort.
- The malware-infected spoof app collects login information and session cookies.
- The program requests a few permissions for the attacker to get information about the device’s network connections.
When a malicious application is launched, it prompts users to connect to a cellular network while turning off Wi-Fi. The phony application directs you to the official website of the telecom’s payment provider. These are the next steps:
- When a customer’s subscription is verified, the consumer is given a network PIN number. This PIN is used by subscribers to verify their identity or alter certain settings.
- To lure victims, the app displays the legitimate payments URL in WebView and conceals malicious strings to prevent reverse engineering and discovery.
- After the information is taken, it is transmitted through Simple Mail Transfer Protocol (SMTP) to an attacker’s email address.
Phishing is a frequent yet successful method that involves mimicking an official program of popular software. Furthermore, the perpetrators of malicious Android applications employ a variety of tactics to avoid detection by security software. Therefore, it is suggested that you never download programs from unknown third-party stores and always use the official app store.
