Be Careful With Postal And Parcel Applications
As we order more online, attack vectors for hackers become more obvious
Cybercriminals know how to capitalize on changes in society, and the resurgence of a long-feared strain of mobile malware shows that hackers are adapting to the way we all shop. FakeSpy, an Android-based mobile malware strain that first emerged in October 2017, has made a comeback in recent months.
When it rose to prominence in 2017, FakeSpy initially targeted users in South Korea and Japan. But the new campaign is going global, according to cybersecurity researchers at Cybereason Nocturnus: it has been seen in China, Taiwan, France, Switzerland, Germany, the United Kingdom, and the United States.
The malware hides in applications that claim to be those endorsed by postal services and courier companies operating in those countries, requesting permission to access SMS messages and other data, including contact lists.
Hitting people where it hurts
The attack vector is logical, given the strange times we live in. Lockdowns around the world and the forced closure of many non-essential stores have led to a massive migration to online shopping.
Figures from the UK Office for National Statistics (ONS) show that the share of online retail spending jumped from around 19% in 2019 to 33.4% in May 2020, the highest ever recorded by the ONS. At the same time, online shopping has risen everywhere else, including a 20% year-on-year increase in the United States, as the coronavirus really hit the country.
All those extra packages purchased online need to be delivered, and customers love to track them. As a result, we are seeing an increased reliance on tracking apps, which is where cybercriminals have found their point of entry.
Advanced malware
But the modern version of FakeSpy isn't just the same old malware reused to exploit the vulnerabilities of the day. It has been improved, and Cybereason says that Roaming Mantis, the Chinese-speaking group believed to be behind the malware, is updating it weekly to avoid detection.
FakeSpy reaches devices through a smishing or SMS phishing attack. Users receive a text message pretending to be from a postal service encouraging them to download the malware-laden app to track their package. Once they do, the malware "sneaks in and sends SMS messages, steals financial and application data, reads account information and contact lists, and more," according to the researchers.
Companies whose apps have been spoofed by FakeSpy malware include Deutsche Post, USPS (the US Postal Service), Royal Mail of Great Britain, La Poste of France, and Swiss Post.
Real websites, fake apps
The app leverages Android's WebView, an extension of the View class, which makes it easier to scam users. When launched, applications containing the malware use WebView to redirect users to the legitimate company's website, all while hiding the data theft that is happening behind the scenes.
The information that the malware obtains from a user's phone is relatively comprehensive. It examines the phone number, contacts, text messages, and more, and this data can be used to develop a pattern of behavior that could later be used for more serious attacks.
The link to a collective of Chinese-speaking hackers is perhaps of most concern to those watching the developments here. The expansion of target markets from Asia to the West is also a concern for those watching how things unfold, as it indicates an increase in attempts to spread this malware beyond the immediate area around China. The rule of thumb for online deliveries and associated apps from companies is simple: limit yourself to official app stores only, rather than relying on potentially suspicious links delivered in SMS messages.
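The traits described above (a postal-brand label, SMS and contact permissions, and an install that did not come from an official store) can be combined into a simple triage check over a device or fleet app inventory. This is an added example, not code from Cybereason or from the article; the inventory schema, the scoring threshold and the package names are assumptions constructed for illustration, while the permission names and the Google Play installer package are real Android identifiers.

```python
# Brands the article lists as spoofed; matching is on the app's display label.
SPOOFED_BRANDS = ("deutsche post", "usps", "royal mail", "la poste", "swiss post")

# Real Android permission names for the access the article describes.
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.SEND_SMS",
             "android.permission.RECEIVE_SMS"}
CONTACT_PERMS = {"android.permission.READ_CONTACTS"}

# Assumption: Google Play is the only official store in this fleet.
OFFICIAL_INSTALLERS = {"com.android.vending"}

def triage(app):
    """Return (score, reasons) for one inventory record (hypothetical schema)."""
    reasons = []
    label = app["label"].lower()
    perms = set(app["permissions"])
    if any(brand in label for brand in SPOOFED_BRANDS):
        reasons.append("label uses a postal brand named in the article")
    if app.get("installer") not in OFFICIAL_INSTALLERS:
        reasons.append("not installed from an official store")
    if perms & SMS_PERMS:
        reasons.append("requests SMS access: " + ", ".join(sorted(perms & SMS_PERMS)))
    if perms & CONTACT_PERMS:
        reasons.append("requests contact list access")
    return len(reasons), reasons

def suspicious(inventory, threshold=3):
    """Package names whose score meets the threshold, highest score first."""
    scored = [(triage(a)[0], a["package"]) for a in inventory]
    return [pkg for score, pkg in sorted(scored, reverse=True) if score >= threshold]

# Constructed sample inventory; package names are placeholders, not real IoCs.
INVENTORY = [
    {"package": "com.example.parcel.tracker", "label": "Royal Mail Tracking",
     "installer": None,  # sideloaded, e.g. from a link in a text message
     "permissions": ["android.permission.INTERNET", "android.permission.READ_SMS",
                     "android.permission.SEND_SMS", "android.permission.READ_CONTACTS"]},
    {"package": "com.example.official.post", "label": "USPS Tracking",
     "installer": "com.android.vending",
     "permissions": ["android.permission.INTERNET"]},
    {"package": "com.example.chat", "label": "Chat",
     "installer": "com.android.vending",
     "permissions": ["android.permission.READ_SMS", "android.permission.READ_CONTACTS"]},
]

if __name__ == "__main__":
    print(suspicious(INVENTORY))
```

No single trait is conclusive on its own (a store-installed messaging app legitimately reads SMS and contacts), which is why the check only flags apps where several traits coincide.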