FakeSpy Android Malware Distributed via Smishing

Stu Sjouwerman | Jul 7, 2020

Researchers at Cybereason are tracking a sophisticated malware campaign targeting Android devices around the world. The campaign involves a new version of the FakeSpy information-stealing malware, which is tied to the China-associated threat actor “Roaming Mantis.” The attackers are using smishing to trick victims into installing spoofed apps.

“The malware uses smishing, or SMS phishing, to infiltrate target devices, which is a technique that relies on social engineering,” the researchers explain. “The attackers send fake text messages to lure the victims to click on a malicious link. The link directs them to a malicious web page, which prompts them to download an Android application package (APK)....New versions of FakeSpy masquerade as government post office apps and transportation services apps. Our analysis indicates that the threat actors are no longer limiting their campaigns to East Asian countries, but are targeting additional countries around the world.”

The malicious apps are impersonating the US Postal Service, Britain’s Royal Mail, the Deutsche Post in Germany, France’s La Poste, the Japan Post, the Swiss Post, and Taiwan’s Chunghwa Post. This marks an expansion in targeting for the malware, as previous FakeSpy campaigns had only targeted Japanese and Korean speakers.

Cybereason stresses that the malware can only operate if the victims themselves grant permissions to the malicious apps, which the researchers say “points to the importance of healthy skepticism when giving applications permissions.”

The researchers conclude that FakeSpy’s developers are still actively working on refining the tool, so the malware will likely surface again in the future.

“The malware authors seem to be putting a lot of effort into improving this malware, bundling it with numerous new upgrades that make it more sophisticated, evasive, and well-equipped,” they write. “These improvements render FakeSpy one of the most powerful information stealers on the market. We anticipate this malware to continue to evolve with additional new features; the only question now is when we will see the next wave.”

New-school security awareness training can teach your employees how to avoid falling for smishing and other social engineering attacks.
