Theft of Malaysian Bank Credentials And MFA Codes Via Malicious Android App


A phony Android app posing as a cleaning service is stealing online banking credentials from customers of eight Malaysian banks. The malicious APK, ‘Cleaning Service Malaysia,’ is advertised through several phony or cloned websites and social media profiles.

MalwareHunterTeam discovered the app last week. Cyble experts then investigated it and provided specific details on its malicious activity. Users must grant no fewer than 24 permissions when installing the app, including the dangerous ‘RECEIVE_SMS,’ which allows the app to monitor and read any SMS texts received on the phone.

This permission is abused to read SMS texts and collect the one-time passwords and multi-factor authentication credentials used in e-banking services, which are then sent to the attacker’s server. When the malicious app starts, it displays a form inviting the user to schedule a house cleaning appointment.

After entering their cleaning service details (name, address, phone number) in the fake app, the user is asked to choose a payment option. This step displays a list of Malaysian banks and online banking options, and if the victim selects one, they are sent to a phony login page that looks exactly like the real one.

The actor’s infrastructure hosts this login page, but the victim has no way of telling from within the app’s UI. Any banking details entered at this stage are sent straight to the actors, who can use them together with an intercepted SMS code to access the victim’s e-banking account.

The low follower count on the social media pages that advertise these APKs, and the fact that the pages were created recently, are clear signs of fraud. Another sign is a discrepancy in the contact information given. Because the majority of the spoof sites imitate legitimate cleaning firms, variations in phone numbers or email addresses are a major red flag. The requested permissions also hint that something isn’t quite right, as a cleaning service app does not need access to a device’s messages.
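The permission mismatch described above can be checked mechanically before an app is trusted. The following is an added example, not code from Cyble or from the original article: it assumes the manifest has already been decoded to text XML (for example with apktool), and the package name, receiver name, permission list and the `expects_sms` parameter are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample: decoded manifest of a hypothetical booking app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.cleaningbooking">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <receiver android:name=".SmsListener" android:exported="true">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage_manifest(manifest_xml, expects_sms=False):
    """Flag SMS access that the app's stated purpose does not explain."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    perms.discard(None)
    # Receivers registered for incoming SMS broadcasts.
    receivers = [
        r.get(ANDROID_NS + "name")
        for r in root.iter("receiver")
        if any(a.get(ANDROID_NS + "name") == SMS_ACTION for a in r.iter("action"))
    ]
    findings = []
    sms = sorted(perms & SMS_PERMS)
    if sms and not expects_sms:
        findings.append("sms-permission-unexpected: " + ", ".join(sms))
    if receivers:
        findings.append("sms-receiver: " + ", ".join(receivers))
    if sms and "android.permission.INTERNET" in perms:
        findings.append("sms-plus-network: messages could leave the device")
    return {"package": root.get("package"),
            "permission_count": len(perms), "findings": findings}

if __name__ == "__main__":
    report = triage_manifest(SAMPLE_MANIFEST)
    print(report["package"], "requests", report["permission_count"], "permissions")
    for finding in report["findings"]:
        print(" -", finding)
```

The findings are triage heuristics, not a verdict: legitimate messaging apps hold the same permissions, which is why the check is conditioned on what the app claims to do. When the manifest comes from an untrusted sample, parse it with a hardened XML parser such as defusedxml.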

Only download Android applications from the official Google Play Store to reduce your chances of falling victim to phishing attempts. Moreover, always read permission requests carefully before installing an app, and be wary of any app that asks for more access than it needs for its operation. Lastly, keep your smartphone up to date by installing the most recent security updates and using a trustworthy mobile security solution.

About the author

CIM Team
