Dubbed FakeSpy, the malware is sent in text messages. Once the virus has infected a smartphone, it leverages the handset to distribute itself even further. According to researchers, the cyber-criminal operation behind it is finding a huge amount of success.
FakeSpy malware has been in the wild since 2017. It was initially used to target smartphone owners in Japan and South Korea; however, it has expanded more recently to target Android users across the globe. Newly tailored attacks are being used in Asia, Europe, and North America.
The malware is designed to pilfer sensitive information from your smartphone.
It not only takes information from your SMS messages, but also financial information, apps and other account information stored on your handset. Even worse, FakeSpy can read contact lists – leaving it with truckloads of additional phone numbers to enable it to continue sending its malicious texts.
FakeSpy is the underlying malware that powers the scams, but the techniques used to trick people into running the nasty software vary between countries. After all, what works in North America might not work on those in Japan.
In the UK, a number of people have been tricked into triggering the malware with text messages designed to look like missed delivery messages from Royal Mail. The link in the message sends you to a fake version of the Royal Mail app that infects your device with FakeSpy.
Meanwhile in the US, the text messages send users to a fake US Postal Service app.
Attempting to download these apps – and granting them the permissions requested – is what enables FakeSpy to trawl through contact information, text message history, financial information and more. According to researchers, since FakeSpy is considered to be under “active development” and “evolving rapidly”, its capabilities are likely to expand dramatically over the coming weeks. So, it’s possible things will get worse.
Head of Threat Research at Cybereason Assaf Dahan told ZDNet: “We are under the impression that this attack is what we often refer to as ‘spray and pray’. I don’t believe they are aimed at a particular individual, but instead the threat actors try their luck, casting a rather wide net, and waiting for someone to take a bite.
“We see new developments and features added to the code all the time, so my guess is that business is good for them.”