FakeSpy, an old but dangerous piece of malware for the Android platform, has resurfaced. Originally discovered by security researchers nearly 3 years ago, FakeSpy is a particularly dangerous information stealer designed to take messages, financial data, bank login information, application data, contacts, and more from the user's device.
The first generation of FakeSpy targeted users in Korea and Japan. In this comeback it has become much more ambitious and is starting to target users globally. Countries currently thought to be targeted by this malware include China, France, Germany, the United Kingdom, and the United States. The current generation of FakeSpy is stronger and more sophisticated than the original, so Android users need to be especially vigilant and avoid being fooled by suspicious messages.
FakeSpy's method of spreading is considered quite clever. It starts with an SMS message that appears to come from a local post office. The message says the post office tried to deliver a package but could not because the user was not home. It then provides a link that, when clicked, leads the user to download an application disguised as the post office's application. Once installed, the application sends a fake message, with a link to the website containing the malicious code, to the user's entire address book.
An SMS with a link sent by FakeSpy
According to security researchers, the fake applications are built on WebView, a popular extension of Android's View class that allows developers to display a web page. FakeSpy uses this view to redirect users to the post office's main website when the application launches, thereby further fooling the victim. This method makes the malicious apps look legitimate, especially since their icons and user interface are all taken from the original website.
If a user accidentally downloads a fake application, the malware essentially gains full access to their device. As mentioned above, it can read messages, send messages, access contact information, and read data on external storage. In addition, it looks for any banking or cryptocurrency apps on the device in order to steal login information.
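As an added illustration (not code from the researchers or from the original article), the capability set described above can be checked for in a decoded `AndroidManifest.xml`. The mapping from those capabilities to Android permission names, the package names, and both sample manifests are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: Android permission names matching the capabilities the article lists.
CAPABILITY_PERMISSIONS = {
    "read messages": "android.permission.READ_SMS",
    "send messages": "android.permission.SEND_SMS",
    "access contacts": "android.permission.READ_CONTACTS",
    "read external storage": "android.permission.READ_EXTERNAL_STORAGE",
}

def requested_permissions(root):
    """Collect every permission name declared in a decoded manifest."""
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def review_manifest(manifest_xml):
    """Flag a manifest that requests the full capability set described above."""
    root = ET.fromstring(manifest_xml)
    perms = requested_permissions(root)
    matched = sorted(c for c, p in CAPABILITY_PERMISSIONS.items() if p in perms)
    return {"package": root.get("package"), "matched": matched,
            "flag": len(matched) == len(CAPABILITY_PERMISSIONS)}

def _manifest(package, permissions):
    """Build a constructed sample manifest (not taken from any real app)."""
    lines = "".join(f'<uses-permission android:name="android.permission.{p}"/>'
                    for p in permissions)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{lines}<application/></manifest>')

# Constructed samples: a postal-app lookalike and an ordinary app.
LOOKALIKE = _manifest("com.example.postal.lookalike",
    ["INTERNET", "READ_SMS", "SEND_SMS", "READ_CONTACTS", "READ_EXTERNAL_STORAGE"])
ORDINARY = _manifest("com.example.gallery", ["INTERNET", "READ_EXTERNAL_STORAGE"])

if __name__ == "__main__":
    for sample in (LOOKALIKE, ORDINARY):
        print(review_manifest(sample))
```

A flag here is a reason for manual review rather than a verdict, since legitimate messaging apps request the same permissions; what stands out is a parcel-tracking app asking for them.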
In terms of origin, the researchers claim that all the signs collected point to a group of Chinese hackers known as “Roaming Mantis”. The malware authors seem to have put a lot of effort into improving it, incorporating many new and upgraded features to make it more sophisticated, better at hiding, and more powerful. These improvements help make FakeSpy one of the most powerful information-stealing malware families on the market. The researchers predict this malware will continue to evolve with many new features in the future. The only question now is when the next wave of outbreaks will occur.
Needless to say, if you’re using an Android device, be alert to any suspicious messages coming from unfamiliar sources.