groups are reportedly using a new version of Android malware to steal users' data through SMS messages. Called FakeSpy, the malware is an information stealer that reads the device contact lists and account information to extract financial and application data.
This new cyber campaign has been discovered in an investigation done by Cybereason, a cyber defence platform. The firm published the outcomes of the investigation in a report titled ‘FakeSpy Masquerades as Postal Service Apps Around the World’. As per the report, this phone malware campaign is targeting users of mobile postal service and transportation apps globally. The postal and transportation apps include the US Postal Service, Japan Post, Royal Mail (United Kingdom), La Poste (France) and Deutsche Post (Germany), amongst others.
The threat actors use postal service themes in their SMS messages. For example, the user will get a pretext such as “missed delivery” or “your package can be collected at”. The message is most likely to have a download link for a fake postal service or delivery service app.
“The campaign is being carried out by the Chinese cybercrime group often referred to as Roaming Mantis,” says the report. As mentioned in the report, the FakeSpy malware dates back to 2017 and uses smishing, or SMS phishing, to infiltrate target devices.
The device infiltration relies on a technique called social engineering. Once the malware reaches the target device, the attackers send fake text messages to lure the victims to click on a malicious link, and the link directs them to a malicious web page. As one clicks on these fake links, a malicious app is installed on the Android device that controls SMS messages and steals sensitive data on the device. It can also proliferate to other devices in the target device’s contact list.