A new wave of FakeSpy Android malware that targets users of different delivery and postal service apps has become the latest cyber menace. The new strain of malware pretends to be a legitimate postal service app and is actively victimizing users of the UK's Royal Mail app, among others. The malware was first discovered in 2017, but security researchers note that the current strain is an updated and upgraded version.

Ofir Almkias of Cybereason's Nocturnus threat research team revealed that the new version of FakeSpy is significantly more powerful than its previous iterations. The security researcher noted that the Android information stealer continues to evolve rapidly. New versions of the malware are reportedly being released weekly as developers work on new obfuscation techniques.

Previously, FakeSpy targeted users in Japan and South Korea. Currently, the malware is targeting users in countries like France, Germany, Taiwan, China, Switzerland, and the US. ComputerWeekly reports that it now abuses the brands of postal service companies, including the US Postal Service, Royal Mail in the UK, La Poste in France, and Deutsche Post in Germany.

In a disclosure blog post, Almkias wrote that FakeSpy is well maintained by its makers: it now comes with code improvements, anti-emulation techniques, and new capabilities. Based on several artifacts discovered at the time of analysis, the security firm suspected that the authors of the malware are Chinese.

Moreover, the security researcher explained that the malware contains names that use the English spelling of Chinese names. These names reference Chinese food, provinces in China, and even Chinese songs. Additionally, the team discovered that the domains used for communicating with the command-and-control server are registered to a Chinese name connected with a Chinese ISP.

FakeSpy sends malicious text messages, spies on sensitive data like contacts and account details, pilfers account data, and compromises bank and card details. The Android data-stealing malware depends on a technique known as SMS phishing.

This technique allows attackers to distribute malicious text messages that appear to come from legitimate groups and organizations. Unsuspecting victims are enticed to click on links. The latest campaign has the same modus operandi, with victims getting fake messages that claim to come from a local postal service and contain a malicious link.

To protect users from this new scheme, Cybereason Head of Threat Assaf Dahan, through Tom's Guide, shares an important tip. According to him, users must apply critical thinking and be suspicious of text or SMS messages that come with links. Users who want to click on a link should always verify the authenticity of the webpage. It is also wise not to download apps from unofficial sites and stores.