Cybereason publishes report on global Android mobile malware campaign


Cybereason today published new research from its Nocturnus Research team, titled "FakeSpy Masquerades as Postal Service Apps Around the World". The report investigates a new global Android mobile malware campaign targeting users of mobile postal service and transportation apps such as the U.S. Postal Service, Japan Post, Royal Mail (United Kingdom), La Poste (France) and Deutsche Post (Germany), amongst others. The campaign is being carried out by the Chinese cybercrime group often referred to as Roaming Mantis.

Roaming Mantis has upgraded the FakeSpy malware, which dates back to 2017, to carry out this new campaign. FakeSpy is an information stealer that exfiltrates and sends SMS messages, steals financial and application data, and reads account information and contact lists. The malware uses smishing, or SMS phishing, to infiltrate target devices, a technique that relies on social engineering. The attackers send fake text messages to lure victims into clicking a malicious link, which directs them to a malicious web page.

Once installed on an Android device, the application requests permissions so that it may control SMS messages and steal sensitive data on the device, as well as proliferate to other devices in the target device’s contact list. The threat actors use postal service themes in their SMS messages.

“The ultimate motive of Roaming Mantis is financial as they are an organized cybercrime group operating from China for at least 3 years. It is difficult to estimate how many people are behind it, but it is a well-oiled operation that keeps expanding. We refer to this type of global campaign as ‘spray and pray’ where the threat actors aren’t focused on any particular individual but they try their luck, casting a rather wide net waiting for large volumes of people to take the bait,” said Assaf Dahan, Senior Director, Head of Threat Research, Cybereason.

Earlier this year, Nocturnus discovered EventBot, a new Android mobile malware targeting users of more than 200 financial apps, including PayPal Business, Barclays, UniCredit, HSBC, CapitalOne, Santander, TransferWise, Coinbase and many more.
