A new piece of malware can make itself look like the user interface of popular applications such as WhatsApp, Uber, and the Google Play Store. It is part of a growing number of malware attacks worldwide. The malware is located in Europe at the moment, and it affects users of Android phones.
The malware has reportedly been detected in Denmark, Italy and Germany, and it has been spreading. The hackers are using phishing methods to spread the malware through SMS, according to the security vendor FireEye.
The malware works after a certain app, or various other apps, are downloaded onto a device. It imitates the overlay of one of the apps involved and then sends users fake messages about them that do not give correct shipment details.
Earlier versions of the malware usually targeted banking apps, but after evolving, the malware now affects some of the most used apps on the Android platform, such as WhatsApp and Google Play. Most of the time, users input their credit card information and private details into these products just as they do in banking apps, according to FireEye researcher Wu Zhou.
Wu said that the cyber attackers were looking to get the biggest financial gain. Therefore, they would normally target apps that are widely used and have a large user base. In some scenarios, the malware is said to have affected YouTube, Uber and the popular Chinese messaging service, WeChat.
To spread the malware, the hackers have normally used SMS messages accompanied by a link, which they use to trick their victims. One of the SMS messages sent by the crooks read: “We could not deliver your order. Please check your shipping information here.”
FireEye noticed that the malware was spread through five different campaigns. One campaign alone saw the hackers try to generate at least about 130,000 clicks to where the link was hosted. New versions are also in circulation, and they’re hard to detect. Of the 54 antivirus tools tested, only six managed to notice a danger in the malicious code, FireEye said.
The malware is believed to have servers in the UAE, Germany, Italy, Latvia and the Netherlands.