VTA-00417 – SMSSpy Campaign to Steal Malaysian Banking User Credential
Recently, Malaysian cybercriminals are using two separate campaigns to steal financial details from victims. In one campaign, they are trying to leverage on the Law Enforcement Agencies(LEA) where the target victim receive a phone call from LEA informing them that they have arrears for their company or are subjected to crime and need to freeze their financial accounts. The victim will need to pay to unfreeze the account and is instructed to download a malicious android application to complete the process of payment.
In the second campaign, attackers use phishing techniques to try to get users to download their malicious android application. In order to tempt potential victims, threat actors usually set up these websites using domain names similar to their impersonating services. This malicious android application is able to view any SMS sent to the phone, including TAC numbers, which are often used to authenticate online transactions.
Severity:
High
Attack Surfaces:
Mobile Application
Tactics:
Credential Access, Initial Access
Techniques:
Phishing, Spearphishing Attachment, Social Engineering
Active Defense Tactics:
Collect, Detect, Disrupt
Active Defense Techniques:
Isolation, Security Controls, Software Manipulation, User Training
Indicator of Compromise:
https://otx.alienvault.com/pulse/62a06bdb7367dbd7ca599cdb
SuperPRO’s Threat Countermeasures Procedures:
1. Adding the IOC signature into endpoint security protection as the custom threat detection rules. Refer to the 1. Adding the IOC signature into endpoint security protection as the custom threat detection rules. Refer to the provided IOC above to create a custom rule to block the respective File Hashes and Hostname, if necessary.
2. Users are recommended to disable the setting of “Allow App Installations from Unknown Sources”.
3. Users are recommended to disable SMS reading permission from untrusted applications.
4. Verify an application permission and the application author or publisher before installing it.
5. Avoid side loading (installing from non-official sources) when you can. If you do need to install Android software from a source other than the trusted marketplace, be sure that it is coming from a reputable source.
6. Always run a reputable anti-virus on your smartphone/mobile devices, and keep it up to date regularly.
7. Do not click on adware or suspicious URL sent through SMS/messaging services.
8. Update the operating system and applications on smartphone/tablet, including the browser, in order to avoid any malicious exploits of security holes in out-dates versions.
9. Users should be trained to recognize common types of Social Engineering tactics.
Contributed by: Aman
Leave a Reply