Upgraded malware FakeSpy is back in play, says cybersecurity firm Cybereason

Hemani Sheth Mumbai | Updated on July 06, 2020 Published on July 06, 2020


An old Android malware called FakeSpy is back on the prowl, according to reports.

An updated version of the FakeSpy malware has been targeting users across the globe, cybersecurity firm Cybereason Nocturnus reported. According to the report, the malware is capable of stealing users’ personal information, including banking details.

The malware was discovered in 2017, when it targeted users in South Korea and Japan. It has now made a comeback and is targeting users worldwide, including in China, Taiwan, France, Switzerland, Germany, the United Kingdom and the United States, among others, as per the report.

“A new campaign is up and running using newly improved, significantly more powerful malware as compared to previous versions. FakeSpy is under active development and is evolving rapidly; new versions are released every week with additional evasion techniques and capabilities,” Cybereason said.

The malware masquerades as a postal service app. Hackers use SMS phishing to get users to download the malicious app: the SMS is disguised as an important update from the relevant postal service and contains a link to download the app’s APK. Once the user downloads the app, it asks for two permissions: Change SMS App and Ignore Battery Optimisation. These permissions allow the app to intercept SMS messages received on the device and send a copy to the command-and-control (C2) server, and to continue its operations even after a user turns off and locks their phone.

Once the app has these permissions, it can steal confidential information including the user’s contacts, device model, OS version, telecom provider and banking details.

It then replicates itself by sending an SMS to all the numbers on a user’s contact list.
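
The two permission requests described above leave traces in an app's manifest that can be checked before anything is installed. The following Python sketch is an added example, not code from Cybereason's report: it reads a decoded AndroidManifest.xml (as produced by a tool such as apktool) and flags apps that both declare every component Android requires of a default SMS app and request the battery-optimisation exemption. The sample manifest and package name are constructed for illustration, and the component and permission names are standard Android identifiers rather than values from the article.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BATTERY_PERM = "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"
# Components an app must declare before Android offers it as the default SMS app.
SMS_ROLE_ACTIONS = {
    "receiver": {"android.provider.Telephony.SMS_DELIVER",
                 "android.provider.Telephony.WAP_PUSH_DELIVER"},
    "activity": {"android.intent.action.SENDTO"},
    "service": {"android.intent.action.RESPOND_VIA_MESSAGE"},
}

def declared_actions(root, tag):
    """Collect every intent action declared under components of the given tag."""
    return {a.get(ANDROID + "name")
            for comp in root.iter(tag) for a in comp.iter("action")}

def review_manifest(xml_text):
    """Triage heuristic: SMS-handler capability combined with a battery exemption."""
    root = ET.fromstring(xml_text)
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    missing = [act for tag, wanted in SMS_ROLE_ACTIONS.items()
               for act in sorted(wanted - declared_actions(root, tag))]
    battery = BATTERY_PERM in perms
    return {
        "package": root.get("package"),
        "missing_sms_components": missing,
        "requests_battery_exemption": battery,
        # Legitimate messaging apps can match too, so this is a signal for
        # closer review of a sideloaded APK, not a verdict.
        "flag": not missing and battery,
    }

# Constructed manifest for illustration only (not a real sample).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.parceltracker">
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <receiver android:name=".R1"><intent-filter><action android:name="android.provider.Telephony.SMS_DELIVER"/></intent-filter></receiver>
    <receiver android:name=".R2"><intent-filter><action android:name="android.provider.Telephony.WAP_PUSH_DELIVER"/></intent-filter></receiver>
    <activity android:name=".A"><intent-filter><action android:name="android.intent.action.SENDTO"/></intent-filter></activity>
    <service android:name=".S"><intent-filter><action android:name="android.intent.action.RESPOND_VIA_MESSAGE"/></intent-filter></service>
  </application>
</manifest>"""
# Same app, but it only listens for SMS and cannot become the default handler.
BENIGN = SAMPLE.replace("SMS_DELIVER", "SMS_RECEIVED")

if __name__ == "__main__":
    for name, manifest in (("sample", SAMPLE), ("benign", BENIGN)):
        print(name, review_manifest(manifest))
```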

Researchers at Cybereason suspect a Chinese-speaking group called Roaming Mantis as the threat actors behind the malware.

“The threat actor behind the recent FakeSpy campaign is a Chinese-speaking group called ‘Roaming Mantis’ known to operate mainly in Asia. It is interesting to see that the group has expanded their operation to other regions, such as the United States and Europe,” the report said.
