New SpyAgent Campaign Infects Smartphone Users in South Korea

Researchers have encountered a new SpyAgent campaign that infects smartphone users in South Korea. The malware became active in early October and has infected more than 200 devices so far. 

Modus operandi

According to McAfee researchers, the malware is distributed through malicious Android and iOS applications delivered via phishing sites.
  • The attackers initially approach victims via SMS messages and convince them to move to the LINE messenger for further conversation. 
  • Once the victim moves to LINE messenger, they are prompted to click on an app provided in the phishing link to start a video call. 
  • This triggers the download of the SpyAgent malware that collects the contact information and text messages of victims and sends them to a server controlled by attackers.

Malware distribution

  • One of these phishing sites was found distributing a fake version of the Camtalk app for Android and Apple phones. 
  • In addition to disguising the malware as a social networking app, the attackers used different themes in their phishing sites to lure victims. 

Based on the 10 phishing sites discovered so far, the campaign is believed to be ongoing and the number of affected devices is expected to rise.

Malicious apps remain a hotbed for cybercrime

Infecting users via malicious apps remains a go-to attack vector for cybercriminals. 
  • Recently, threat actors were found leveraging the Windows news portal to promote a malicious installer for the CPU-Z app to distribute RedLine Stealer.
  • Separately, Doctor Web’s analysts identified several malicious apps on the Google Play Store that distributed a wide range of malware such as FakeApp, Joker, and HiddenAds.

Conclusion

Google has recently updated its Google Play Protect in response to the growing prevalence of cyber threats targeting mobile devices. As a rule of thumb, users must avoid downloading apps from unknown sources or third-party app stores. Furthermore, users should always check whether an app requests permissions unrelated to its intended purpose.
Cyware Publisher