With the advent of smartphones, billions of people are socialising online than ever before. With every passing day, thousands of new users are embracing the digital world and this is also attracting bad actors to prey on naive mobile owners.
In the latest instance, hackers have reportedly incorporated MasterFred malware inside fake Android apps looking similar to Instagram, Netflix, and Twitter. When users try to create an account, they will be asked to submit the username, password and also enter credit card details.
The trojan apps' interface and login overlay look genuine and this fools users to submit financial details, reported Alberto Segura, Malware analyst on Twitter. Segura added that threat actors have even tried faking some bank apps in Turkey and Poland too.
"By utilizing the Application Accessibility toolkit installed on Android by default, the attacker is able to use the application to implement the Overlay attack to trick the user into entering credit card information for fake account breaches on both Netflix and Twitter. Some important things of note to this malware are that the Assets folder within the application is where the html overlays for common applications are stored along with fake bank login overlays in multiple languages," Avast Threat Labs noted.
Once the information gets submitted in-app overlays, the malware sends the information back to the attacker in the dark web using onion[.]ws URL. This will be almost impossible to trace the track of the bad actors and retrieve the stolen financial details.
People have been advised to be careful while installing apps from third-party websites and app stores.
Also, it is wise to install anti-virus apps, which help in detecting and preventing such apps from getting installed on the device.
Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.
Deccan Herald is on WhatsApp Channels| Join now for Breaking News & Editor's Picks