AskCyberSecurity.com


Android Malware Smishing Steals Bank Credentials

2020-07-01 by Keith Harlock


FakeSpy Uses SMS Phishing Disguised as Postal Service Messages to Spread Malware

Malware is targeting Android users across the globe with a smishing campaign. The malware, called FakeSpy, sends fake SMS text messages that are supposedly delivery updates from the postal service to trick users into clicking on a malicious link. The malware steals information from infected phones, including financial account information and contact lists, according to cyber security researchers at Cybereason.

FakeSpy malware sends SMS phishing (called “smishing”) text messages to potential victims. The SMS messages are crafted to look like they were sent by a number of postal services and contain delivery update information. Fake smishing messages from the U.S. Postal Service, the U.K. Royal Mail, Germany’s Deutsche Post, Switzerland’s Swiss Post, France’s La Poste, and Taiwan’s Chunghwa Post have all been used to trick victims. Private delivery companies such as Japan Post, Yamato Transport, and Deutsche Post DHL Group are also being impersonated in this smishing attack.


The information for the attack most likely was gleaned from social engineering.

“FakeSpy is under active development and is evolving rapidly; new versions are released every week with additional evasion techniques and capabilities,” says Cybereason.

The malware sends a fake Postal Service package delivery text message to the victim’s phone. The text message contains a link which the user is encouraged to click on. If the user clicks on the link, it sends them to a malicious web page. The landing page prompts them to download an app that is supposedly the local postal service’s app. The app is actually an Android application package (APK) that loads FakeSpy malware.

“The fake applications are built using WebView, a popular extension of Android’s View class that lets the developer show a webpage. FakeSpy uses this view to redirect users to the original post office carrier webpage on launch of the application, continuing the deception. This allows the application to appear legitimate, especially given these applications icons and user interface,” says Cybereason.

FakeSpy Malware Texts Your Contacts

FakeSpy is info-stealer malware. When a device is infected, FakeSpy can steal financial data and read account information, contact lists, and application data. The malware will intercept every text message from an infected phone and send a copy to the hacker’s server. It can also send text messages to contacts, so they get infected too.

FakeSpy malware requests the following permissions:

  • READ_PHONE_STATE
  • READ_SMS
  • RECEIVE_SMS
  • WRITE_SMS
  • SEND_SMS
  • INTERNET
  • WRITE_EXTERNAL_STORAGE
  • READ_EXTERNAL_STORAGE
  • RECEIVE_BOOT_COMPLETED
  • GET_TASKS
  • SYSTEM_ALERT_WINDOW
  • WAKE_LOCK
  • ACCESS_NETWORK_STATE
  • REQUEST_IGNORE_BATTERY_OPTIMIZATIONS
  • READ_CONTACTS
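
The permission list above can be used to triage an unknown app. The following is an added example, not code from Cybereason or from this article: it reads a decoded AndroidManifest.xml, counts how many of the listed permissions the app requests, and flags two combinations that match the behaviour described here. The combination names, package names and sample manifests are constructed for illustration, and the manifest is assumed to be already decoded to text XML (for example with apktool).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions exactly as listed in the article (short names).
FAKESPY_PERMS = {
    "READ_PHONE_STATE", "READ_SMS", "RECEIVE_SMS", "WRITE_SMS", "SEND_SMS",
    "INTERNET", "WRITE_EXTERNAL_STORAGE", "READ_EXTERNAL_STORAGE",
    "RECEIVE_BOOT_COMPLETED", "GET_TASKS", "SYSTEM_ALERT_WINDOW", "WAKE_LOCK",
    "ACCESS_NETWORK_STATE", "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
    "READ_CONTACTS",
}

# Hypothetical triage groupings (an assumption of this example): each maps a
# behaviour described in the article to the permissions it depends on.
RISK_COMBOS = {
    # intercept SMS, upload copies, text the victim's contacts
    "sms_interception_and_spread":
        {"READ_SMS", "RECEIVE_SMS", "SEND_SMS", "READ_CONTACTS", "INTERNET"},
    # start at boot and keep running despite battery optimization
    "background_persistence":
        {"RECEIVE_BOOT_COMPLETED", "WAKE_LOCK",
         "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"},
}

def requested_permissions(manifest_xml):
    """Return short permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for el in root.iter():
        if el.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = el.get(ANDROID_NS + "name", "")
            if name:
                perms.add(name.rsplit(".", 1)[-1])
    return perms

def triage(manifest_xml):
    """Summarise overlap with the article's list and matched combinations."""
    perms = requested_permissions(manifest_xml)
    return {
        "overlap": len(perms & FAKESPY_PERMS),
        "combos": sorted(n for n, need in RISK_COMBOS.items() if need <= perms),
    }

def build_manifest(package, perms):
    """Build a constructed sample manifest for testing the triage logic."""
    body = "".join(
        f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{body}</manifest>')

# Constructed samples: a fake "postal" app and a plain parcel tracker.
SUSPECT = build_manifest("com.example.postal", sorted(FAKESPY_PERMS))
BENIGN = build_manifest("com.example.tracker",
                        ["INTERNET", "ACCESS_NETWORK_STATE", "WAKE_LOCK"])
```

A high overlap alone is not proof of infection, since many legitimate apps request some of these permissions; the matched combinations are what justify a closer look at a parcel-tracking app.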

FakeSpy Malware

FakeSpy was first spotted in 2017. It is believed that the malware is connected to a Chinese hacking group called Roaming Mantis. These hackers are not, however, regarded as an Advanced Persistent Threat Group. The threat actors initially targeted Japanese and Korean speakers. The malware has now evolved and targets anyone, especially those who speak English, French, German, and Chinese.

How Do I Know If My Phone Is Infected?

Like many malware families, FakeSpy uses up battery life fast. Read our guide on how to tell if your phone is infected with malware or a virus. FakeSpy overrides battery optimization settings on infected devices. So, if you notice that your phone is using up battery life faster, runs slowly, or feels hot to the touch because it is using background data and running all the time, it may be infected. Read our guide on why your phone runs so slowly and how to fix it. Also read How to Remove RAT Malware From an Android Phone.


About Keith Harlock

Keith has 30 years of experience managing staff for the planning and design of highway, bridge and transportation-related projects and specialty structures. Keith oversees the development of and authors numerous reports on a variety of topics related to transportation engineering and has worked with several key clients on projects related to infrastructure security. Keith is a licensed professional engineer in the State of New York, currently a State Board member of the American Council of Engineering Companies of New York and is a licensed commercial pilot with an instrument rating. He resides in Western New York.

