Android users have to face another challenge – experts warn of a clever scam prepared by cyber crooks. A fake store with popular applications appeared on the web. Be vigilant.
The APT-C-23 group has been active since at least 2017. In April this year, it began using new versions of its spyware to infect victims' smartphones. The new version has been equipped with a number of functions that allow the attackers to track user activity, including recording the screen content, reading the phone call history and accessing notifications. To reduce the risk of detection, the malware can remove notifications from built-in security applications on some phone models.
Researchers point to an interesting mechanism of the infection itself. One of the malware distribution channels is a fake app store offering infected versions of popular apps. In the samples identified by ESET, the criminals impersonated, among others, Telegram, Threema and an Android update module. The malicious applications are mixed in with links pointing to safe versions of programs, most likely to lull the victim into a false sense of security. Interestingly, downloading the infected versions requires entering a six-digit coupon code. According to the researchers, this is meant to limit the spread of the Trojan to a specific group of targets chosen by the cybercriminals.
After installation, the malicious app asks the user for three things: permission to read notifications, suggesting that this is required for correspondence encryption to work properly; disabling Play Protect (Android's built-in security mechanism); and permission to record the screen, claiming that it is needed for secure video chat. Next, the genuine version of the application that the malware impersonates is installed, and the malware starts running in the background, collecting data about the user.