Bogus Android App Steals Banking Credentials from Malaysian Individuals
Android Users Are Advised to Only Download Apps from the Official Google Play Store.
Customers of eight Malaysian banks have had their online banking credentials stolen via a bogus Android app posing as a housekeeping service.
First spotted by MalwareHunterTeam last week and later analyzed by security experts at Cyble, the malicious APK ‘Cleaning Service Malaysia’ is promoted through numerous fake or cloned websites and social media accounts.
“cleaningservicemalaysia.apk”: 7845bb247dbfad94018047afbb2f5e1d9e54752b620d995033c695d9a2d104a0
— MalwareHunterTeam (@malwrhunterteam) November 25, 2021
How Does It Work?
As explained by BleepingComputer, when users install the application, they are asked to approve at least 24 permissions, including ‘RECEIVE_SMS,’ which is unsafe because it allows the app to monitor and read all SMS messages received on the device.
This permission is being exploited to read SMS messages in order to collect one-time passwords and multi-factor authentication credentials used in e-banking applications, which are subsequently transferred to the cybercriminal’s server.
When the fake app is launched, it will prompt the user to fill out a form in order to schedule a house cleaning.
Once the targets have entered their cleaning service details (names, physical addresses, phone numbers) into the malicious app, they are asked to select a payment method.
Following that, the victims are presented with a list of Malaysian banks and internet banking options; selecting one sends them to a fake login page that looks identical to the real one.
Any financial details provided at this point are delivered straight to the attackers, who can utilize them together with an intercepted SMS code to access the target’s online banking account.
How Do You Know It Is Fraud?
First of all, you can easily spot a fraud scheme by paying attention to the social media accounts promoting these APKs (Android application packages). The fact that they don’t have a lot of followers or likes and that they were recently created should be enough to make you have doubts.
Also, users should pay attention to the provided contact info. Because almost all the fake websites chose legitimate cleaning services to impersonate, differences in phone numbers or email addresses are a major red flag.
Last but not least, the requested permissions also suggest that something is wrong, because a cleaning service application has no reason to ask for access to a device’s texts.
What Can Android Users Do in Order to Stay Safe?
- use only the official Google Play Store to download Android apps
- always double-check the requested permissions
- do not install an app that is asking for greater privileges than it should require for its functionality
- keep your device updated by installing the newest available security updates and using mobile security software from a reputable vendor.
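The permission check described above (an app asking for SMS access its purpose does not need) can be automated against a decoded AndroidManifest.xml. This is an added example, not code from the article or the analysts; the manifest is constructed for illustration, and the set of permissions a booking app "should" need is an assumption to adjust.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permissions that let an app read or intercept text messages,
# and therefore SMS-delivered one-time passwords.
SMS_INTERCEPT = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_MMS",
    "android.permission.RECEIVE_WAP_PUSH",
}

# Assumption: what a cleaning/booking app could plausibly justify.
EXPECTED_FOR_BOOKING_APP = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.POST_NOTIFICATIONS",
}

def requested_permissions(manifest_xml):
    """Return the sorted, de-duplicated permission names in a text manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")  # namespaced android:name
            if name:
                names.add(name)
    return sorted(names)

def audit(manifest_xml, expected=EXPECTED_FOR_BOOKING_APP):
    """Flag SMS-interception permissions and anything outside the expected set."""
    perms = requested_permissions(manifest_xml)
    return {
        "total": len(perms),
        "sms_intercept": [p for p in perms if p in SMS_INTERCEPT],
        "unexpected": [p for p in perms if p not in expected],
    }

# Constructed sample manifest (not the real app's manifest).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.cleaning">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The manifest inside an APK is stored as binary XML, so it has to be decoded to text first (for example with apktool) before it is passed to audit().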