In the newly discovered scam campaign, after tricking the victim into clicking a link to download the fake app, the scammers instruct the victim to install it and grant the application full permissions. (Photo provided by the Department of Information Security)
Previously, on July 5, a representative of the Department of Information Security, Ministry of Information and Communications, said that in the past week there had been a campaign in Vietnamese cyberspace to trick people into installing fake apps of the Government and the General Department of Taxation.
According to analysis by experts from the Department of Information Security, the group behind this campaign of fraudulent ".apk" malware apps impersonating the General Department of Taxation and the Government app used nearly 195 different systems to scam people.
On the evening of July 7, along with updating new information about the increase in the number of users whose bank accounts were hijacked due to downloading and installing fake software, expert Vu Ngoc Son, Technical Director of NCS Company, also explained how malware can help hackers remotely control and execute money transfer orders on the victim's phone.
Specifically, according to expert Vu Ngoc Son, the operating system normally runs each application on the phone inside its own "sandbox". This prevents the application from reading the data of other applications or interfering with their operation. With this design, even if the phone is infected with malware, the malware cannot steal data from other applications on the device.
However, an Android feature designed by Google called Accessibility Service, which is intended to help people with visual impairments or reduced mobility use their smartphones, has been exploited by hackers. Hackers use Accessibility Service to write malicious code that can read the content of other applications and interact with them. This breaks Google's "sandbox" security design.
Google soon recognized the danger of Accessibility Service and removed almost all applications using this permission from Google Play, but hackers found another loophole: distributing software through unofficial markets, where none of Google's review measures apply.
“This is also the reason why the malware that stole money from bank accounts in recent incidents in Vietnam is not available on Google Play, but is posted on direct download links for .apk files. In this way, the scammer will trick users into granting Accessibility rights to the fake application. After being granted rights, the fake application can lie in wait like a spy, collect information, even control banking applications, enter accounts, passwords, and then OTP codes to transfer money,” expert Vu Ngoc Son analyzed.
Based on this "decoding" of how the malware in the fake Government and General Department of Taxation apps operates, expert Vu Ngoc Son recommends that users be vigilant at this time about requests to install software, especially on Android. In particular, users should never grant the Accessibility permission. No application from a bank, the tax authority or any other agency requires users to grant this permission.
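A check that follows from this recommendation, as an added example that is not part of the original article: it parses the output of two standard adb commands and lists every enabled accessibility service whose app was not installed from Google Play. The sample output and the com.example.* package names are constructed for illustration.

```python
import re

PLAY_STORE = "com.android.vending"  # installer package name of Google Play

def parse_enabled_services(settings_output):
    """Parse `adb shell settings get secure enabled_accessibility_services`.
    The value is a colon-separated list of package/ServiceClass components."""
    value = settings_output.strip()
    if value in ("", "null"):  # nothing enabled
        return []
    return [tuple(c.split("/", 1)) for c in value.split(":") if "/" in c]

def parse_installers(pm_output):
    """Parse `adb shell pm list packages -i` into {package: installer}."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def flag_sideloaded_services(settings_output, pm_output, trusted=(PLAY_STORE,)):
    """Return (package, service, installer) for each enabled accessibility
    service whose package was not installed by a trusted store."""
    installers = parse_installers(pm_output)
    findings = []
    for package, service in parse_enabled_services(settings_output):
        installer = installers.get(package, "unknown")
        if installer not in trusted:
            findings.append((package, service, installer))
    return findings

# Constructed sample output (not captured from a real device).
SAMPLE_SETTINGS = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.taxapp/.HelperService\n"
)
SAMPLE_PM = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.taxapp  installer=null
package:com.example.bank  installer=com.android.vending
"""

if __name__ == "__main__":
    for pkg, svc, src in flag_sideloaded_services(SAMPLE_SETTINGS, SAMPLE_PM):
        print(f"REVIEW: {pkg}{svc} has Accessibility enabled, installer={src}")
```

Apps preinstalled in the firmware also report `installer=null`, so compare any finding against `adb shell pm list packages -s` before treating it as suspicious.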
Currently, fake apps only work on the Android operating system. (Illustration: PhoneWorld)
Sharing more about this form of fraud, in which users' assets are appropriated by tricking them into installing fake apps containing malicious code, experts from NCS Company assessed that it is not a new form of attack: hackers often impersonate an agency or organization to trick users into installing fake apps on their phones.
In addition, the fake applications currently only work on the Android operating system, and the software download link is outside the CHPlay application market. iPhones currently do not allow installation from sources outside the Apple Store application market, so they are not attacked in this way.
To avoid this scam, experts recommend that users follow a few principles. On Android phones, only install applications by going directly to CHPlay and finding the corresponding software there. Similarly, on iPhones, only install from the Apple Store.
In addition, users should not click on links received via text messages. In case of doubt, users should re-verify with relevant agencies and organizations via the officially published phone number.