A new version of FakeSpy malware was discovered targeting Android users in Japan and Korea.
Security researchers at FortiGuard Labs discovered the new version and said that the campaign has been active since October 2017
The malware is capable of stealing text messages, account information, call records contacts.
The malware is also capable of creating and sending messages to other devices. It also collects the complete list of applications in the device and sends to attackers C&C server.
The attack is initiated through text messages from fake logistic or delivery companies. The text messages will contain a link which will direct users to a malicious website, and when user click any button on the website, it will ask users to enter their phone number to authenticate.
Once entered, it will download a malicious Android application package to the device.
The malware also checks for any banking application on the device. If found it will replace the application interface with a fake one and steal user credentials.
Once infected the malware will start communication with the C&C and also send a list of phone numbers. It will send text messages containing malicious links to all the numbers and try to infect others also.
According to researchers the malware was discovered targeting Japan and South Korean users.
“This malware and the campaign seem to still be in the early days of development. The malware itself is based on an existing codebase, but it shows attempts at improvement by adding different functionalities, not all of which are currently being used, but we cannot say that will be the case for long.” said in the post published by FortiGuard Lab researchers.
You may be interested in reading:Facebook Admits using 2FA Phone Numbers for Targeted Ads