a new one Android malware the campaign is using Social engineering and various other tricks to trick unsuspecting users into installing malware capable of draining their bank accounts.
As reported BleepingComputerthis particular campaign only affects users of the best android phones in Finland at the moment. However, it remains a great example of the types of tactics and means hackers use to trick people into installing malicious applications.
According to the Finnish Transport and Communications Agency (Traficom), this attack starts with a text message that instructs the recipient to call a phone number. When they do, a scammer on the other end tells them to install a McAfee app to protect themselves.
While you should never install an app that someone coerces you over the phone, the initial text messages in this campaign appear to come from banks or payment service providers that use counterfeiting technology.
Here’s everything you need to know about this new malware campaign and how you can avoid falling victim to it and others like it.
Malware sideloading
Instead of coming from Google Play Store or other official app store, this fake McAfee app comes as Android APK file which it should be side loaded on the victim’s phone. This is a major red flag and a clear giveaway that this is a scam, as no bank or financial service provider would ever ask their customers to download an app.
Even so, many end users have fallen for this scam with Traficom reporting that one victim lost over $100,000. In fact, this scam has gotten so bad that financial services provider OP Financial Group posted a separate alert on its website warning its customers about text messages impersonating banks or national authorities.
While Finnish authorities did not name the variety of malware used in this campaign, BleepingComptuer noted that it resembled a Vultur Banking Trojan campaign since the beginning of this year.
This new Vultur variant uses a combination of smiling (phishing by SMS) i phone call attacks to convince potential victims to download a fake McAfee Security app. Sound familiar? It should be, as this is pretty much the same attack scenario used in this new campaign.
For those who have accidentally installed this malicious app posing as McAfee, you should immediately call your bank to activate protection measures and restore your compromised Android phone to factory settings. You’ll lose your apps and other data, but doing so will wipe the malware off your phone.
How to stay safe from Android malware
Android malware has the potential to completely change your life if you’re not careful. This is why you want to be extremely cautious when installing any new apps on your smartphone.
In addition to not sideloading apps, you also want to check the ratings and reviews of any apps you download from the Google Play Store or other official Android app stores, such as the Samsung Galaxy Store or Amazon Appstore. Since reviews and ratings can be faked, I always recommend looking for video reviews as well so you can see the app in action before installing it.
When you install a new app, pay close attention to the permissions it asks for. Malicious apps that spread malware often ask for access unnecessary permissions as a means of accessing your phone. For example, a simple utility app like a calculator doesn’t need access to your photos or the ability to see your contacts. As for which permissions are an immediate red flag, Accessibility services is a permission that is often abused by malicious apps, as it gives the hackers behind almost complete control over your phone.
Since it comes pre-installed on most Android phones, you want to make sure that too Google Play Protect is enabled as it scans all existing and new apps you download for malware. However, for added protection, you may also want to consider installing one best antivirus apps for android as they often include additional security features such as vpn or password manager.
Fraudsters and hackers will continue to come up with clever new ways to infect users with malware as companies like Google and law enforcement agencies get better at their tricks. As such, it’s up to you to be careful online and not let your emotions get the best of you when dealing with text messages or other communications sent by unknown senders or even people pretending to be someone they’re not. .
More from Tom’s Guide
#Scammers #tricking #Android #users #installing #fake #antivirus #app #malware #stay #safe
Image Source : www.tomsguide.com