
On mobile, the web, and beyond, it's safe to say that almost everyone could recognize famous brands.
Names such as Google, Instagram, WhatsApp, Snapchat, and X are almost synonymous with the services they provide. And apparently, hackers are making use of this fact to prey on some people, by developing malicious apps that use the logos of those brands to appeal to potential victims.
SonicWall Capture Labs said that this kind of threat has existed for quite some time, and it's nothing unusual for malicious actors to use famous brands to lure people.
However, this is the first time that the team has found one that includes extra commands and phishing attacks designed to harvest credentials.
If someone falls for the trap and installs the malicious app, the app will prompt the victim to grant it Accessibility Service and Device Admin Permission.

In a blog post, the team said that:
Granting these permissions will allow the apps to establish an unrestricted connection with their Command-and-Control server to receive instructions and execute specific tasks accordingly.
The things the apps can then do include:
- Read messages.
- Read call logs.
- Access contact list.
- See installed package name.
- Change device wallpaper.
- Read notification data.
- Open URLs on web browser for phishing.
- Vibrate device.
- Send messages.
- Turn the camera flashlight on and off.
When trying to steal users' credentials, the malicious apps can show phishing URLs to login pages of well-known services, like Facebook, GitHub, Instagram, LinkedIn, Microsoft, Netflix, PayPal, Proton Mail, Snapchat, Tumblr, X, WordPress, and Yahoo!.
Anything entered in the fields will be recorded, and the data will be sent to the hackers through the apps' Command-and-Control server.

Hackers are always finding new ways to lure unsuspecting users into their traps, and one particularly cunning method is through the use of fake apps disguised as legitimate ones. This way, the hackers can deceive users into believing they're installing something trustworthy.
When dealing with this kind of trickery, users have ways to protect themselves.
First and foremost, they must always be cautious when downloading apps, especially if the apps are from unfamiliar developers or sources. Users should stick to official app stores whenever possible, as these typically have stricter security measures in place to weed out malicious apps.
Additionally, users should pay close attention to the permissions requested by an app during installation. If something seems fishy, it's probably best to steer clear.
And of course, keeping the device's software up-to-date and installing reputable antivirus software can add an extra layer of protection against these sneaky cyber-attacks.
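To make the permission check concrete, the following added example (not code from SonicWall or from the original article) cross-references the output of three Android commands, `settings get secure enabled_accessibility_services`, `dumpsys device_policy` and `pm list packages -3`, and lists user-installed apps that hold both Accessibility Service and Device Admin. The sample output and package names are constructed, and the `dumpsys` layout is an assumption that varies between Android versions.

```python
import re

# Constructed sample output; package names are made up for illustration.
SAMPLE_A11Y = "com.google.android.marvin.talkback/.TalkBackService:com.example.fakechat/.HelperService"
SAMPLE_DUMPSYS = """Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.example.fakechat/.AdminReceiver:
      uid=10231
    com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver:
      uid=10120
"""
SAMPLE_PM = "package:com.example.fakechat\npackage:com.example.notes\n"

COMPONENT = re.compile(r"([A-Za-z][\w.]*)/[\w.$]+")  # e.g. com.x/.Service

def accessibility_packages(setting_value):
    """Packages from `settings get secure enabled_accessibility_services`
    (colon-separated components; 'null' when none are enabled)."""
    return {m.group(1) for part in setting_value.strip().split(":")
            if (m := COMPONENT.fullmatch(part))}

def device_admin_packages(dumpsys_text):
    """Packages under 'Enabled Device Admins' in `dumpsys device_policy`.
    Assumption: each admin is an indented `pkg/class:` line; the layout
    differs between Android versions."""
    found, in_section = set(), False
    for line in dumpsys_text.splitlines():
        if "Enabled Device Admins" in line:
            in_section = True
        elif in_section and (m := re.match(r"\s+([A-Za-z][\w.]*)/[\w.$]+:\s*$", line)):
            found.add(m.group(1))
        elif in_section and line and not line.startswith(" "):
            in_section = False  # an unindented line ends the section
    return found

def third_party_packages(pm_text):
    """Packages from `pm list packages -3` (lines look like package:com.x)."""
    return {l.split(":", 1)[1].strip() for l in pm_text.splitlines()
            if l.startswith("package:")}

def risky_apps(setting_value, dumpsys_text, pm_text):
    """User-installed apps holding BOTH privileges the article describes."""
    both = accessibility_packages(setting_value) & device_admin_packages(dumpsys_text)
    return sorted(both & third_party_packages(pm_text))

if __name__ == "__main__":
    print(risky_apps(SAMPLE_A11Y, SAMPLE_DUMPSYS, SAMPLE_PM))
```

An app that appears in the result is not necessarily malicious, but a user-installed app that holds both privileges deserves a closer look at where it came from.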