Hackers Use Vishing to Trick Victims into Installing Android Banking Malware | Techy Kings


Malicious actors are using voice phishing (vishing) tactics to trick victims into installing Android malware on their devices, new research from ThreatFabric reveals.

The Dutch mobile security company said it identified a network of phishing websites targeting Italian online banking users designed to obtain their contact details.

Telephone-oriented attack delivery (TOAD), as a social engineering technique, involves calling the victim using information previously collected from fraudulent websites.

The caller, who claimed to be a support agent for the bank, instructed the individual on the other end of the call to install a security app and grant it extensive permissions, when, in reality, it was malicious software intended to gain access or conduct remote financial fraud.

In this case, it led to the deployment of Android malware dubbed Copybara, a mobile trojan first detected in November 2021 and used mainly to commit on-device fraud through overlay attacks targeting Italian users. Copybara has also been confused with another malware family known as BRATA.

ThreatFabric assessed that the TOAD-based campaign was initiated around the same time, indicating that the activity had been ongoing for nearly a year.

Like any other Android-based malware, the Copybara RAT’s capabilities are powered by abusing the operating system’s accessibility service APIs to gather sensitive information and to uninstall downloader apps, reducing its forensic footprint.

Moreover, the infrastructure used by the threat actors has been found to deliver a second piece of malware called SMS Spy that allows adversaries to gain access to all incoming SMS messages and intercept one-time passwords (OTPs) sent by banks.
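The two behaviours described above (an enabled accessibility service and access to incoming SMS, in an app installed outside the official store) can be checked for on a managed device. The following is an added example, not code from ThreatFabric or the original article; the package names, the sample data and the choice to trust only Google Play as an installer are assumptions made for illustration.

```python
# Triage sketch: flag sideloaded apps that hold an enabled accessibility
# service and/or SMS-read permissions. All sample data below is constructed.

# Constructed value in the format of
# `adb shell settings get secure enabled_accessibility_services`
ENABLED_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
                "com.example.banksecurity/.GuardService")

# Constructed lines in the format of `adb shell pm list packages -i`
PACKAGE_LINES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.banksecurity  installer=null
package:com.example.smshelper  installer=com.google.android.packageinstaller
package:com.example.notes  installer=com.android.vending
"""

# Constructed map of granted permissions (as extracted from `dumpsys package`)
GRANTED = {
    "com.example.banksecurity": {"android.permission.RECEIVE_SMS"},
    "com.example.smshelper": {"android.permission.READ_SMS"},
    "com.example.notes": {"android.permission.INTERNET"},
}

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}

def a11y_packages(setting):
    """Packages owning an enabled service; the setting is a ':'-separated
    list of 'package/class' components, or 'null' when none is enabled."""
    return {c.split("/", 1)[0] for c in setting.split(":") if "/" in c}

def installers(lines):
    """Map package name -> installer package from `pm list packages -i`."""
    out = {}
    for line in lines.splitlines():
        parts = line.split()
        if (len(parts) == 2 and parts[0].startswith("package:")
                and parts[1].startswith("installer=")):
            out[parts[0][len("package:"):]] = parts[1][len("installer="):]
    return out

def audit(setting, lines, granted):
    """Return {package: [reasons]} for apps not installed by a trusted store."""
    a11y, findings = a11y_packages(setting), {}
    for pkg, inst in installers(lines).items():
        if inst in TRUSTED_INSTALLERS:
            continue
        reasons = []
        if pkg in a11y:
            reasons.append("accessibility service enabled")
        if SMS_PERMS & granted.get(pkg, set()):
            reasons.append("can read incoming SMS")
        if reasons:
            findings[pkg] = reasons
    return findings
```

An app flagged for both reasons matches the combination the article describes and deserves review first; a single reason on its own is common among legitimate sideloaded apps.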

The new wave of hybrid phishing attacks gives fraudsters a new dimension for launching convincing Android malware campaigns, which have otherwise relied on traditional methods such as Google Play Store droppers, malicious ads and smishing.

“Such attacks require more resources on [threat actors’] side and are more sophisticated to implement and maintain,” ThreatFabric’s Mobile Threat Intelligence (MTI) team told The Hacker News.

“We also want to show that targeted attacks from a fraud success perspective are unfortunately more successful, at least in this particular campaign.”

This is not the first time TOAD tactics have been used to orchestrate a banking malware campaign. Last month, MalwareHunterTeam detailed a similar attack aimed at customers of Axis Bank, an India-based bank, in an attempt to install an information stealer masquerading as a credit card rewards app.

Researchers at Cleafy, in December 2021, detailed an upgrade to the BRATA malware in which victims of smishing attacks received calls from scam operators after downloading the malicious app, persuading them through social engineering techniques to install it.

“Any suspicious calls should be double-checked by contacting your financial organization,” the MTI team said, adding “financial organizations should provide their customers with knowledge of ongoing campaigns and enhance customer apps with mechanisms to detect suspicious activity.”
