Sanctions in the field of online banking - a new "gold mine" for fraudsters

Kaspersky Lab is fighting an epidemic of fake apps.

Kaspersky Lab has identified a new method of fraud using remote access programs. Attackers disguise malware as banking applications, distribute it through instant messengers, and try to gain control over devices running the Android operating system.

"Last year, judging by the reviews on Google Play, in order to force the victim to find and download a certain program for remote access in the store, attackers invented a variety of techniques. For example, they referred to the fact that the app was renamed allegedly because of sanctions, so it has nothing to do with this or that bank. They tried to intimidate us with the fact that only with this application data will be safe or that it is necessary so that no other device can connect to the client's personal account. There were also other reasons: they allegedly tried to apply for a loan on the user, and to cancel the operation, you need to use the bank's support software. We do not rule out that similar legends could have been used by attackers when they started distributing already modified versions of remote access programs," said Dmitry Kalinin from Kaspersky Lab.

According to experts, over the past 11 days, about a hundred such attacks have been prevented.

"Attackers copy legitimate remote access apps, one of which is also available on Google Play, but deliberately mislead people by modifying them. They change the program name and icons themselves, add the name and visual of the desired bank, as well as labels in some text fields. Legitimate applications are open source programs, so it was not difficult for attackers to create fake applications based on them," Kalinin added.

According to the Lab's explanation, criminals first approach people under the guise of a bank support service. The victim is then persuaded to download a fake "support app", which is sent as an installation file. If the user installs this file, the fraudsters only need to obtain the information required for remote access to the smartphone. Control over the device allows them to log in to the victim's real bank account and steal funds without hindrance.

Huge sums of money have already been stolen in this way. According to the Central Bank of Russia, in the first quarter of 2023, social engineering, which covers this method, accounted for 50.5% of all cases of theft. Criminals stole 4.5 billion rubles through unauthorized transfers, of which banks were able to return only 860 million.

Interestingly, the popularity of the method increased after some large applications were removed from the App Store and Google Play due to sanctions. Hackers couldn't help but take advantage of the inconvenience experienced by bank customers.

"In 2022, fraudsters began to actively use social networks and mobile applications to steal money," the Central Bank confirmed. In the period from February 28 to December 31, 2022, the Central Bank initiated the blocking of 1,942 pages in the VKontakte and Odnoklassniki social networks and 23 mobile applications in the App Store, Google Play and other stores.
 