A fake Android app is masquerading as a housekeeping service to steal online banking credentials from the customers of eight Malaysian banks.
The malicious APK, ‘Cleaning Service Malaysia,’ is promoted through multiple fake or cloned websites and social media accounts.
This app was first spotted by MalwareHunterTeam last week and was subsequently analyzed by researchers at Cyble, who provide detailed information on the app’s malicious behavior.
“cleaningservicemalaysia.apk”: 7845bb247dbfad94018047afbb2f5e1d9e54752b620d995033c695d9a2d104a0
Upon installing the app, users are requested to approve no fewer than 24 permissions, including the risky ‘RECEIVE_SMS,’ which allows the app to monitor and read all SMS texts received on the phone.
This permission is abused for monitoring SMS texts to steal one-time passwords and MFA codes used in e-banking services, which are then sent to the attacker’s server.
Once launched, the malicious app will display a form asking the user to reserve a house cleaning appointment.
Once the user enters their cleaning service details (name, address, phone number) on the fake app, they are prompted to select a payment method.
This step offers a selection of Malaysian banks and internet banking options, and if the victim clicks on one, they are taken to a fake login page created to mimic the appearance of the real one.
This login page is hosted on the actor’s infrastructure, but of course, the victim has no way to realize that from inside the app’s interface.
Any banking credentials entered in this step are sent directly to the actors, who can use them along with an intercepted SMS code to access the victim’s e-banking account.
Some clear signs of fraud in the social media accounts that promote these APKs are their low follower count and the fact that they were created very recently.
Another issue is a mismatch in the provided contact details. Because most of the decoy sites picked real cleaning services to mimic, differences in telephone numbers or email addresses are a big red flag.
The requested permissions also indicate something is not right, as a cleaning service app does not have a legitimate reason to request access to a device’s texts.
To minimize the chances of falling victim to phishing attacks of this kind, only download Android apps from the official Google Play Store.
Furthermore, always review the requested permissions carefully and do not install an app that is asking for greater privileges than it should require for its functionality.
Finally, keep your device up to date by applying the latest available security updates and using a mobile security solution from a reputable vendor.
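The permission review recommended above can be automated before an APK is allowed onto managed devices. The following is an added example, not code from the article or from Cyble's analysis: it assumes the manifest has already been decoded to text XML (for instance with apktool), and the baseline set, function names and sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Real Android permissions that expose SMS/MMS content, including texted OTPs.
SMS_PERMISSIONS = {P + n for n in (
    "RECEIVE_SMS", "READ_SMS", "SEND_SMS", "RECEIVE_MMS", "RECEIVE_WAP_PUSH")}
# Assumption: what a reviewer accepts for a simple booking app.
BOOKING_BASELINE = {P + "INTERNET", P + "ACCESS_NETWORK_STATE"}

# Constructed sample, NOT the manifest of the app described in the article.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.booking">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_SMS"/>
  <application android:label="Booking"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Collect every permission name declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    # Permissions can be declared with either element, so check both.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names

def audit(manifest_xml, baseline):
    """Compare declared permissions with the baseline for the app's stated purpose."""
    requested = requested_permissions(manifest_xml)
    sms = sorted(requested & SMS_PERMISSIONS)
    # Any SMS access in an app with no messaging function is grounds to reject.
    return {"unexpected": sorted(requested - baseline),
            "sms_access": sms, "reject": bool(sms)}

if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST, BOOKING_BASELINE))
```
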
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved