According to a report from security firm Zimperium, this campaign has been detected and monitored since February 2022. To date, at least 107,000 related malware samples have been identified.
The malware primarily targets Android devices, with the goal of stealing OTP codes, a type of one-time password, commonly used for two-factor authentication during logins or online transactions.
The campaign used more than 2,600 Telegram bots to spread the malware, controlled by 13 Command & Control (C&C) servers. The victims of this campaign spanned 113 countries, but were most concentrated in India, Russia, Brazil, Mexico, and the United States.
Android users face the risk of having their OTP codes stolen
The malware is distributed in two main ways. Victims can be tricked into visiting fake websites that look like Google Play. Or victims can be tricked into downloading pirated APK apps via Telegram bots. To download the app, users must provide their phone number, which the malware then uses to generate a new APK file, allowing attackers to track or launch further attacks.
When a user unwittingly grants SMS access to a malicious app, the malware will be able to read SMS messages, including OTP codes sent to the phone. This not only allows attackers to steal sensitive information, but also puts the victim at risk of account abuse and even financial fraud.
Once the OTP code is stolen, the attacker can easily access the victim's bank accounts, e-wallets, or other online services, causing serious financial consequences. Not only that, some victims may also be involved in illegal activities without even knowing it.
Zimperium also found that the malware transmitted stolen SMS messages to an API endpoint at 'fastsms.su', a website that sells access to virtual phone numbers in foreign countries. These phone numbers can be used to anonymize online transactions, making them more difficult to trace.
To protect themselves from the risk of being attacked, Android users are advised to:
Do not download APK files from sources outside of Google Play: These files may contain malicious code that can easily steal your information.
Do not grant SMS access to unknown apps: This will limit the risk of malware being able to read messages containing your OTP code.
Enable Play Protect: This is a Google Play security feature that scans and detects malicious apps on your device.
Source: https://www.congluan.vn/nguoi-dung-co-nguy-co-bi-danh-cap-ma-otp-tren-dien-thoai-android-post306111.html
Comment (0)