FACCT has identified a new form of fraud known as the “Mammoth Scheme”, which involves the use of a fake version of Google Play. In this scheme, scammers pose as sellers and invite users to download apps from a fake store, but instead of a useful app, an Android spy Trojan is downloaded to the device. This Trojan allows attackers to silently steal money from victims’ bank accounts.
Fraudsters successfully exploited this scheme in September, stealing nearly RUB 3 million in 76 transactions, according to FACCT. The biggest danger is that the attacks do not require users to enter banking information on phishing sites. Instead, scammers offer to download a mobile app that resembles an ad delivery service. However, this app is actually a spyware that intercepts bank details and SMS codes to steal money from bank accounts.
Attackers create fake ads using a Telegram bot that provides a link to download a mobile application in APK file format. Clicking on this link presents the user with a fake Google Play page asking them to install an application that mimics real online platforms. Here the user needs to arrange the delivery, and during checkout the mobile Trojan captures and transmits bank data and SMS codes to fraudsters to steal money. This is a new tactic from scammers and users need to be careful and keep their devices safe.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
