Digital security company SonicWall Capture Labs has revealed new malware that masquerades as popular apps to steal user credentials on Android phones. The malicious programs deceive users with easily recognized icons, mostly from social networks and messengers such as Instagram, Snapchat, WhatsApp, X, and more.

It is not yet known how this malware reaches users. However, once installed, the apps ask users to grant permissions for Accessibility Services and the Device Manager API.

This allows applications to fully control the mobile phone. This type of admin permission has already been replaced with a more secure solution in Android, but it still works when enabled.

A remote server sends commands that the malware executes on victims’ mobile phones to gain access to restricted resources and information.

From there, the malware opens phishing URLs that mimic the login pages of services such as Facebook, GitHub, Instagram, LinkedIn, Microsoft, Netflix, PayPal, and more.

Once installed, the malware asks for administrator permissions on Android.
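
A defender-side check for the permission pattern described above, as an added example that is not from SonicWall or the original article: it scans a decoded AndroidManifest.xml for an accessibility service, a device administrator receiver, and a brand label that does not match the package name. The brand list and the sample manifest are constructed, and the label is assumed to be a literal string rather than a resource reference.

```python
import xml.etree.ElementTree as ET  # for untrusted files, prefer a hardened parser such as defusedxml

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Assumed allow-list: brand name -> package prefixes of the genuine app.
KNOWN_BRANDS = {
    "instagram": ("com.instagram.",),
    "snapchat": ("com.snapchat.",),
    "whatsapp": ("com.whatsapp",),
}

# Constructed sample manifest, not taken from any real malware sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.updater">
  <application android:label="Instagram">
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Admin"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""


def declares(app, tag, permission):
    """True if any <tag> component under <application> is guarded by `permission`."""
    return any(el.get(ANDROID + "permission") == permission for el in app.iter(tag))


def triage_manifest(xml_text):
    """Return the list of findings for one decoded manifest (empty list = nothing flagged)."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    if app is None:
        return []
    package = root.get("package", "")
    label = (app.get(ANDROID + "label") or "").lower()
    findings = []
    # Well-known brand in the label, but the package is not the brand's own.
    for brand, prefixes in KNOWN_BRANDS.items():
        if brand in label and not package.startswith(prefixes):
            findings.append("brand-mismatch")
    if declares(app, "service", "android.permission.BIND_ACCESSIBILITY_SERVICE"):
        findings.append("accessibility-service")
    if declares(app, "receiver", "android.permission.BIND_DEVICE_ADMIN"):
        findings.append("device-admin")
    return findings


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

Each finding alone also occurs in legitimate apps; the combination of all three is what warrants a closer look.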

Android malware attacks increased by 32%

According to Kaspersky, malware attacks on Android mobile phones have increased by 32% this year compared to last year, from over 57 thousand cases to over 75 thousand.

In early May, Symantec warned about a malware distribution method impersonating an Android security app via WhatsApp. Once installed, the malware disguises itself as a contacts app and immediately hides itself.

Last week, the Finnish National Cyber Security Center (NCSC-FI) reported that smishing messages were being used to target Android users with malware that steals banking data.

The technique consists of sending an SMS alerting the user to a charge and asking them to call a support number. During the call, the fraudster tells the victim that the SMS is fake and encourages them to install antivirus software on their mobile phone through a link the fraudster sends.

In this case, the antivirus is actually malware created to steal bank account credentials and perform financial transactions without the user’s consent.

Source: Tec Mundo
