Android users put on alert about dangerous DHL text scam: delete THESE messages


Android smartphone owners need to keep a close eye on the text messages they receive. Security experts have warned that a new malware campaign is targeting Android users in the US and Europe, with con artists posing as delivery giant DHL. Victims are sent a text message with a URL to a site asking them to download a bogus DHL app for Android.

Once installed, the malicious app is capable of stealing login details for almost any banking platform by serving Android users fake login forms that capture their credentials.

If scammers get hold of logins for internet banking services then they’ll be capable of emptying the bank accounts of any targeted Android user.

The latest Android threat was highlighted by researchers at ThreatFabric, and if you follow such warnings you may be getting a distinct sense of deja vu.

That’s because mobile users have previously been warned about fake DHL messages, where victims are told they’ve missed an important delivery as part of an attempt to get them to download malware.

But while those threats, first reported last year, were part of the FluBot malware campaign, the latest danger to Android users is from the Medusa (aka TangleBot) malware.

The ongoing Medusa malware threat is being delivered through the same distribution network as FluBot, with both pieces of malicious software capable of stealing internet banking details.

Besides fake DHL messages, researchers at ThreatFabric also discovered SMS texts that are designed to trick Amazon and Adobe users into downloading a bogus and dangerous app loaded with the TangleBot malware.

Speaking about the danger online, the fraud and cybercrime prevention experts said: “ThreatFabric analysts were able to retrieve the number of infected devices for one of the Medusa campaigns. In less than a month, this distribution approach allowed Medusa to reach more than 1500 infected devices in one botnet, masquerading as DHL.

“Please note that Medusa has multiple botnets for every campaign, such as DHL or Flash Player, so we expect the numbers to be much higher and very close to what we are observing with Cabassous. At the time of writing, this side-by-side campaign is still ongoing.

“After targeting Turkish financial organisations in its first period of activity in 2020, Medusa has now switched its focus to North America and Europe, which results in a significant number of infected devices. Powered with multiple remote access features, Medusa poses a critical threat to financial organisations in targeted regions.”

To help keep you safe, don’t download apps from unknown sources and be wary of messages you receive out of the blue claiming to be from a big name company that’s asking you to respond urgently.

Tell-tale signs that a message is bogus include the contact showing up as a random number (big name companies are capable of making sure a contact appears as the firm’s name when you get sent an SMS – even if you don’t have their number saved or if it’s the first time hearing from them) or a prompt to click on a link that looks garbled or unofficial.

If you’re ever unsure about a text message you receive, you can simply head to the official website of the company in question, contact them directly and ask them about the text you’ve just been sent.

While it may take a little while to do this, it will save you plenty of time and stress in the long run that would be caused by responding to a scammer’s message and giving away crucial login information or sensitive details.

Published at Thu, 10 Feb 2022 07:01:00 +0000
