A dangerous piece of Android malware from years past called FakeSpy has made a comeback in a big way, according to a report from Cybereason. FakeSpy, which was first discovered three years ago, is designed to steal a user’s text messages, financial data, bank login information, contact lists, and more. The original version of FakeSpy targeted users in South Korea and Japan, but recently FakeSpy has started to target users across the globe. Victims have been reported in China, France, Germany, the UK, and the United States. This current version of FakeSpy is also said to be more powerful and sophisticated than the original version.
The FakeSpy infection begins with an SMS message that claims to be from your local post office. The message claims that the post office tried to deliver a package but was unable to do so because the recipient wasn’t home. The message provides a link that directs them to a download disguised as a legitimate postal service app. Once installed on a device, the app will send the fake text and the malicious link to the victim’s entire contact list.
The Website Cybereason adds: “The fake applications are built using WebView, a popular extension of Android’s View class that lets the developer show a webpage. FakeSpy uses this view to redirect users to the original post office carrier webpage on launch of the application, continuing the deception. This allows the application to appear legitimate, especially given these applications icons and user interface.“
Once the victim installs the fake app, the malware essentially has total access to the user’s device. It can read text messages, send text messages, access contact information, and read storage. Beyond that, the app is focused on looking for any banking or cryptocurrency-related data to steal login information.
Cybereason concludes: “The malware authors seem to be putting a lot of effort into improving this malware, bundling it with numerous new upgrades that make it more sophisticated, evasive, and well-equipped. These improvements render FakeSpy one of the most powerful information stealers on the market. We anticipate this malware to continue to evolve with additional new features; the only question now is when we will see the next wave.“
As always, Android users should remain vigilant and avoid answering or opening any text messages coming from unfamiliar contacts.
