Attackers scam access to online banking using fake apps
Attackers began to actively distribute modified versions of programs for remote access in messengers under the guise of applications of support services for Russian banks. They change the program names and icons themselves (add the name and visual of the desired bank), as well as the inscriptions in some text fields.
As Kaspersky Lab experts described the scheme, this is “a new round in the evolution of banking fraud on Android.”
Kaspersky Lab discovered a “new round of evolution” of banking fraud on Android
The scheme itself looks like this: first, the scammer calls a potential victim, in most cases via a messenger. He introduces himself as a bank support employee and, under various pretexts, encourages a person to install an application that he sends in a message in the form of a file – an installation package. After that, the scammer only needs to find out from the gullible victim the necessary data in order to gain remote access to the smartphone.
Previously, attackers have already used one of the programs for remote access to fraudulently get into online banking on mobile devices. Now the scheme of deception has evolved: probably, the scammers realized that many are confused by the name and appearance of the software that is not related to banks, so they began to send modified versions of programs to users in popular instant messengers.
Kaspersky Lab defines modified versions of remote access applications as Trojan.AndroidOS.Fakeapp.fm.
