Android users beware, because experts from the European IT security manufacturer ESET have discovered and analyzed a cybercrime campaign that is still ongoing. Unsuspecting online shoppers are being tricked into downloading a malicious app. Once these applications get onto smartphones, hackers steal banking information using fake websites posing as legitimate services. These sites use similar domain names to the services they claim to be. The security researchers have now published their analysis on WeLiveSecurity.
“To make online shopping even more convenient, people are increasingly using their smartphones to shop. These purchases now make up the majority of online shopping orders – most of them via provider-specific applications,” says ESET researcher Lukáš Štefanko, who analyzed the malicious apps. “The campaign is currently targeting Malaysia only, but may later expand to other countries and banks. The attackers are currently only targeting bank details. In the future, the theft of credit card information could also occur.”
This campaign was first reported in late 2021, with attackers posing as a legitimate cleaning service. The campaign was distributed via Facebook ads and tricked potential victims into downloading Android malware from a malicious website. In January 2022, the Malware Hunter team identified three additional malicious websites and Android Trojans attributed to this campaign. Recently, ESET researchers found four more fake websites. All seven sites claimed to be services only available in Malaysia. ESET researchers found the same malware in all three malicious apps examined.
The fake websites do not offer the option to purchase directly from them. Instead, they contain buttons that pretend to download apps from Google Play. However, clicking these buttons does not lead to the Google Play Store, but rather to servers controlled by the criminals. For this attack to be successful, victims must turn on the “Unknown Origin” or “Unknown Sources” option on their devices, which is not enabled by default. When completing the purchase, victims are offered payment options - they can pay either by credit card or by transferring the required amount from their bank account. At the time this research was conducted, it was not possible to select the credit card payment option.
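The check this paragraph implies, as an added example (not ESET's code or part of the original article): scan a page's HTML for links that present themselves as Google Play download buttons and flag any whose target is not the Play Store. The sample page, its `.test` domains and the verdict labels are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

PLAY_HOSTS = {"play.google.com"}  # official Google Play web host

# Constructed sample page; all domains and paths are placeholders.
SAMPLE = """
<a href="https://play.google.com/store/apps/details?id=com.example.shop">Get it on Google Play</a>
<a href="https://shop-example.test/download/shop.apk"><img src="/img/google-play-badge.png" alt=""></a>
<a href="https://play.google.com.shop-example.test/store/apps"><img alt="Google Play"></a>
<a href="/about">About us</a>
"""

def classify(href):
    """Return a verdict for the target of a link that claims to be a Play download."""
    u = urlparse(href)
    # market:// opens the Play Store app on Android; https must be the exact host.
    if u.scheme == "market" or (u.scheme == "https" and u.hostname in PLAY_HOSTS):
        return "ok"
    if u.path.lower().endswith(".apk"):
        return "direct-apk"      # button serves an APK instead of opening the store
    return "not-play-store"      # includes look-alike hosts such as play.google.com.<other>

class PlayBadgeAuditor(HTMLParser):
    """Collect every <a> whose text, image alt or image src mentions Google Play."""
    def __init__(self):
        super().__init__()
        self._href, self._label, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._href, self._label = a.get("href") or "", []
        elif tag == "img" and self._href is not None:
            self._label += [a.get("alt") or "", a.get("src") or ""]

    def handle_data(self, data):
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            label = " ".join(self._label).lower().replace("-", " ").replace("_", " ")
            if "google play" in label:
                self.findings.append((self._href, classify(self._href)))
            self._href = None

def audit(html):
    parser = PlayBadgeAuditor()
    parser.feed(html)
    return parser.findings
```

Matching the host exactly, rather than looking for "play.google.com" anywhere in the URL, is what catches the look-alike domain in the third sample link.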
Two-factor authentication is partially bypassed
After selecting the direct transfer option, victims are presented with a fake payment page asking them to select their bank from the eight Malaysian banks on offer and then enter their login details. After entering their banking details, victims receive an error message informing them that the user ID or password provided is invalid. At this point, the entered credentials have already been sent to the malware operators. To ensure that the criminals can break into their victims' bank accounts, the fake shop applications also forward all SMS messages that the victim receives to the operators in case they contain two-factor authentication (2FA) codes sent by the bank.
Tips to protect yourself when shopping online
– Check whether the website is secure, i.e. whether its URL starts with https://. Some browsers even refuse to open websites that are not secured via HTTPS and explicitly warn users or provide an option to enable HTTPS mode.
– Be careful when clicking on advertisements and paid search engine results.
– Pay attention to the source of the applications you download. Make sure you are actually redirected to the Google Play Store. Apps should only ever be downloaded from trusted sources.
– Two-factor authentication is generally a recommended protection function. However, if possible, avoid SMS for verification and use special authentication apps or hardware.
– Install a mobile security solution on your smartphone and tablet too. The app should provide comprehensive protection against all types of cyber attacks. Applications that also offer protection against phishing and include an anti-theft function in the event of loss are recommended.
The article is available on WeLiveSecurity under “Fake e-shops use Android malware to hunt for bank details”.
Source: pte

