A phishing campaign is targeting Chinese users in an attempt to distribute malicious apps, according to researchers at Palo Alto Networks’s Unit 42.
"The threat actor masquerades as a law enforcement official and says the target's phone number or bank account is suspected of being involved in financial fraud,” the researchers write.
“They then guide the person to download an app that will allow the attacker to investigate their bank transactions. The threat actor then instructs the person to select their bank from the app and fill in their personal information, including payment card details. At this point, the attackers can drain the bank account of whatever funds are available.”
After the malicious app is installed, it blocks incoming messages and phone calls, preventing the user from receiving legitimate fraud alerts from their bank. The threat actor then tricks the user into entering their personal and financial information.
“To convince people the app is legitimate, the threat actor provides a legal case number, and they ask the person to search for this case number in the malicious application,” the researchers write.
“The threat actor will also generate a fake legal case document with the intended victim's name on it. ...Once a target fully believes the app is from a genuine law enforcement authority, the threat actor guides the person to download the next-stage payload. The app accomplishes this by sending a download link, under the pretext of investigating bank transactions and the source of deposited funds. The APK malware sample supports selection from a variety of banking institutions. Once selected, the threat actors instruct victims to fill in their sensitive personal information, including payment card details.”
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Unit 42 has the story.
Here's how it works:
