Attackers stealing credentials using fake Telecom provider’s app

We rely heavily on the telecom industry in this interconnected world, from email and messaging to phone and video calls. This makes the telecommunication industry a favorite target for cyber attackers.

The latest concern is an Android-based phishing campaign aimed at customers of Japanese telecommunications services. According to the report, attackers set up numerous domains to promote a forged Android app impersonating that of a telecom company.

It is a typical but effective approach that involves impersonating a popular application. The attackers are using this technique to steal credentials and session cookies.

How does this malware work?

  • When launched, the fake app redirects you to the official website of the telecommunications payment service.
  • To attract victims, the app displays the official payments URL in a WebView, and it masks its malicious strings to hinder reverse engineering and discovery.
  • After the information is stolen, it is sent over Simple Mail Transfer Protocol (SMTP) to an attacker’s email address.
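
For analysts triaging a suspicious APK, the three behaviours above can be checked together. The following is an added example, not code from the report or from the campaign: it assumes you already have the app's class references and string constants from a DEX dump, and the specific Android and JavaMail class prefixes are illustrative assumptions, since the page does not name the APIs the fake app uses.

```python
import re

# Assumed indicators: the page names the behaviours (WebView, session cookies,
# SMTP) but not the APIs, so these class prefixes are illustrative.
WEBVIEW = ("Landroid/webkit/WebView;",)
COOKIES = ("Landroid/webkit/CookieManager;",)
SMTP_CLASSES = ("Ljavax/mail/", "Lcom/sun/mail/smtp/")
# String constants are checked second: the page says strings are masked, so a
# miss here proves nothing, while class references survive string masking.
SMTP_STRINGS = re.compile(r"mail\.smtp\.|smtps?://", re.IGNORECASE)


def triage(class_refs, strings):
    """Return (verdict, reasons) for one app's class references and strings."""
    reasons = []
    if any(c.startswith(WEBVIEW) for c in class_refs):
        reasons.append("uses WebView")
    if any(c.startswith(COOKIES) for c in class_refs):
        reasons.append("references CookieManager")
    if any(c.startswith(SMTP_CLASSES) for c in class_refs) or any(
        SMTP_STRINGS.search(s) for s in strings
    ):
        reasons.append("bundles SMTP client code")
    # All three together match the flow described above: show the real site,
    # collect credentials and cookies, mail them out.
    verdict = "review" if len(reasons) == 3 else "ok"
    return verdict, reasons


# Constructed sample inputs (not taken from any real app).
SUSPECT = {
    "class_refs": [
        "Landroid/webkit/WebView;",
        "Landroid/webkit/CookieManager;",
        "Ljavax/mail/Transport;",
    ],
    "strings": ["aGVsbG8=", "x9f2"],  # masked strings reveal nothing
}
BROWSER_WRAPPER = {
    "class_refs": ["Landroid/webkit/WebView;", "Landroid/webkit/CookieManager;"],
    "strings": ["https://example.com/"],
}

if __name__ == "__main__":
    for name, app in (("suspect", SUSPECT), ("wrapper", BROWSER_WRAPPER)):
        print(name, triage(app["class_refs"], app["strings"]))
```

A "review" verdict is a prompt for manual analysis, not proof of malice; a payment or carrier app that ships mail-sending code alongside WebView cookie access is simply unusual enough to look at.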

It is recommended that you download apps only from trusted sources. Make sure that Google Play Protect is enabled on your devices, and be careful when granting permissions.