Windows 10 News and info | Forum
Topic: Chinese hackers are trying to get Android users to click on a ‘missed delivery’
javajolt
« on: July 19, 2020, 05:01:10 AM »

• Chinese hackers are targeting Android phones with a new piece of malware that attempts to fool people into clicking on a “missed delivery” text — the kind of text that’s no doubt become especially familiar to people during the coronavirus pandemic as they spend more time at home and ordering items for delivery.

• The text is actually a phishing scam that enables everything from stealing bank details to a user’s contact list.

• It’s being perpetrated, according to cybersecurity researchers, by a group of hackers operating under the “Roaming Mantis” collective.


Another day, another nasty new piece of Android malware to be aware of — this time, according to cybersecurity researchers at Cybereason, it’s malware that uses a “missed delivery” text to phish its unsuspecting recipients.

There has been a spate of these incidents lately, involving everything from sketchy apps found in the Google Play Store to the presence of undeletable, malicious files and apps inside Android phones. After investigating this latest malfeasance, Cybereason’s team found that it’s a Chinese-speaking group of hackers operating under the banner of “Roaming Mantis” that’s behind this so-called FakeSpy malware campaign.

“FakeSpy has been in the wild since 2017; this latest campaign indicates that it has become more powerful,” the Cybereason team notes. “Code improvements, new capabilities, anti-emulation techniques, and new, global targets all suggest that this malware is well-maintained by its authors and continues to evolve.”

According to this research, FakeSpy can exfiltrate and send SMS messages, in addition to stealing financial data, reading account information, and contact lists, among other nefarious acts. Users are tricked into clicking a text message informing them of a missed delivery, which steers them to download an Android application package. This is being used to target Android users all over the world, including in the US thanks to the malware’s ability to send messages that purport to be from the US Postal Service.

“Roaming Mantis” sounds like the name of a villain from a movie, but it’s actually the moniker of a Chinese threat actor group that’s been around for a few years now and has continued to evolve. They used to mostly target Asian countries but have since expanded to strike at victims across the world.

What can you do to protect yourself? Cybereason senior director and head of threat research Assaf Dahan told ZDNet that people should be suspicious of SMS messages that contain links. “If they do click on a link,” Dahan said, “they need to check the authenticity of the webpage, look for typos or wrong website name, and most of all — avoid downloading apps from unofficial stores.” These practices can protect you from inadvertently downloading malicious apps, getting phished by clicking on dodgy text message links, and more.

source
« Last Edit: July 19, 2020, 05:52:36 PM by javajolt »

