Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    A  New Smishing Trojan is Out and About

    New Smishing Trojan Out and AboutResearchers at Pradeo have observed a new Android malware campaign that uses text messages asking victims to pay a small fee for a delivery. The messages contain a link that will install a phony, malicious version of Google Chrome. The victims are also asked to enter their payment details, which are sent to the attackers.

    “Our team has come across an advanced mobile attack campaign that uses a phishing technique to steal victims’ credit card details and infects them with a malware that impersonates the Android Google Chrome app,” the researchers write. “The malware uses victims’ devices as a vector to send thousands of phishing SMS. Pradeo’s researchers qualified it as a Smishing trojan. By combining an efficient phishing technique, a malware to propagate actively, and methods to bypass security solutions, this campaign is particularly dangerous. We evaluate that the speed at which it is spreading has enabled it to already target hundreds of thousands of people in the last weeks. “

    The malware spreads via smishing messages sent from infected phones, which racks up victims’ phone bills.

    “Independently, once installed, the fake Chrome app sends more than 2000 SMS per week from its victims’ devices, every day during 2 or 3 hours, to random phone numbers that seem to follow one another,” Pradeo says. “This mechanism ensures a successful propagation of the attack campaign. To stay undetected, the malware hides on mobile devices by using the official Chrome app’s icon and name, but its package, signature and version have nothing in common with the official app. For victims, banking fraud and massive phone bills may ensue.”

    The researchers stress that users should constantly be on the lookout for unsolicited messages asking for sensitive information.

    “Mobile users should never provide credit card details when it is requested by an unknown sender,” Pradeo concludes. “If uncertain of the source of the request, they should consult their package delivery with the tracking number provided by the carrier, on the official app or the website. Besides, they should exclusively download apps from official stores (Google Play on Android and the Apple store on iOS) and always update them from there.”

    It’s a self-propagating scam with a few revenue streams, starting with the chickenfeed charged to release the package-that-isn’t and progressing through various forms of fraud. New-school security awareness training can help your employees recognize social engineering attacks.

     

    Return To KnowBe4 Security Blog

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    PST ResultsHere's how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry

    Go Phishing Now!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/phishing-security-test-offer

    Topics: Social Engineering, Spear Phishing, Malware

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews