Copybara Malware Uses Vishing Tricks to Target Italian Banking Users

The Dutch mobile security company ThreatFabric has discovered a new wave of hybrid fraud attacks. These attacks give scammers a new way to mount convincing Android malware campaigns, which have otherwise relied on traditional methods.

TOAD + Vishing = Copybara

Malicious actors were observed resorting to voice phishing (vishing) tactics with telephone-oriented attack delivery (TOAD), a new social engineering technique that involves calling victims to collect information.
  • The attackers duped Italian users into installing Android malware on their devices using previously collected information from fraudulent websites.
  • The caller pretends to be a support operator for the bank and tricks the individual into installing a security app that, in reality, is malicious software.
  • The malicious software leads to the deployment of an Android malware dubbed Copybara (referred to as BRATA by some research agencies).

A brief about Copybara

Copybara is a mobile trojan first detected in November 2021. In recent attacks, it has been used to carry out on-device fraud via overlay attacks.
  • It abuses the Android operating system's accessibility services API to gather sensitive data.
  • Further, it can uninstall the downloader app to reduce its forensic footprint.
  • Because the calls are placed manually, the group behind Copybara has been able to target only a very limited number of victims, but has ensured a decent success rate.

What's more?

  • To orchestrate successful banking malware campaigns, the infrastructure used by the attackers has been found to deliver a second piece of malware named SMS Spy.
  • The use of SMS Spy enables the adversary to gain access to all incoming SMS messages and intercept OTPs sent by banks.

Conclusion

Personal approaches powered by social engineering techniques such as TOAD are becoming a trend in the current mobile threat landscape. This approach allows cybercriminals to trick unsuspecting victims into installing their trojans, with a likelihood of success and without detection by antivirus engines. To deal with such fraudulent activities, behavior analytics powered by threat intelligence should be implemented.
Cyware Publisher