[ad_1]
This is an SMS message that you should never open. This means you are a target for attacks that steal your bank account details and even your money.
New Android warning issued to millions of users
getty
This is a threat that is included in the top 10 list of dangerous Trojans that infect Android devices around the world. And now it’s riskier, more evasive, and more likely to trick you into parting with your hard-earned cash.
Fortunately, there are easy ways to stay safe. Read more…
Vultur is a family of banking Trojans that infect devices via droppers and use device control and logging capabilities to steal credentials used to target specific banks. Vultur has become increasingly vigilant in recent years, and new campaigns are expanding their methods to successfully evade defenses.
Here are some highlights, courtesy of NCC’s Fox-IT researchers:
First, you will receive an SMS message asking you to call a helpline if you have not authorized large transactions from your bank account. This call is a scam and the operator will send his second SMS to install a special free version of McAfee to ensure the safety of your device. In reality, this installs Brunhilda’s dropper.
Fox-IT warns, “This dropper decrypts and executes a total of three Vultur-related payloads, giving the attacker complete control over the victim’s mobile device.”
There’s almost no point in continuing reading this. Now you know. Don’t call this number, install a fake McAfee app, and lose all your money. It’s really simple.
However, in reality, this attack is not only technically sophisticated, but also cleverly designed.
The most interesting addition is “the malware’s ability to use Android’s accessibility services to remotely interact with infected devices,” the researchers said. Malware operators can now send commands to perform clicks, scrolls, swipe gestures, and more. ” Additionally, it uses Google’s Firebase Cloud Messaging (FCM) to send scripted commands, eliminating the need for a continuous connection.
New Vultur attack chain
Fox-IT
This attack is malicious and well-designed. The first SMS itself reflects our fear of financial fraud. When we see a large transaction that we didn’t approve of and assume it’s a scam, we experience a heart-stopping moment. We want to take action, but it helps to have a number to call and a friendly operator standing by.
The rules here are clear. Do not believe any SMS message unless you independently verify its contents. This means you either log in to your bank in the normal way, use your normal app, or call your normal helpline. Simply receiving an SMS does not infect your device. Not this time. The only time you put yourself at risk is when you take the next step, in this case, make a phone call, or frequently click on a link.
Although Google offers a variety of protections against dangerous apps, many apps are still at risk. But as soon as you step outside of the Play Store, like here or when using a third-party app store, you’re putting yourself at far greater risk.
Google advises: “Android users are automatically protected from known versions of malware by Google Play Protect by default on Android devices with Google Play Services. , it can warn users or block apps that are known to exhibit malicious behavior.
This attack is nasty. Fox-IT warns: “Vultur’s recent developments demonstrate a shift in focus to maximizing remote control of infected devices, including scrolling, swipe gestures, clicks, volume controls, blocking app execution, and even With the ability to issue commands such as incorporating file manager functionality, it is clear that the primary objective is to gain complete control over the compromised device.”
But that can be easily avoided. That doesn’t mean this campaign won’t adapt or change its mechanics. But if you follow the golden rules of SMS safety, you can almost always protect yourself from danger.
- Never open and delete SMS from brands you don’t use.
- Never click on links in SMS unless you specifically intend to do so. Even then, we recommend avoiding all links.
- If the message is from your bank, Amazon, Apple, or another brand you use, log in normally and do not select the quick link provided.
- Don’t leave suspicious SMS messages in your inbox. Delete the message and then block the number to prevent further messages.
- Filter unknown senders to separate them from known traffic if possible.Once you get an OTP or update from your account, save the number
When it comes to SMS in general, it is a very insecure technology and is currently experiencing a surge in fraudulent traffic. “Who can stop global SMS fraud? And how?” the telecom industry asked itself at February’s MWC. Such smishing attacks are rapidly increasing. US smartphone users alone are scammed out of more than $300 million each year, an increase of 500% in five years. The industry warns that around 400,000 malicious texts are sent every day, affecting nearly half of all smartphone users.
As Bitdefender reported earlier this year, “SMS scams are everywhere, and attackers are always looking for social or political issues they can exploit for profit: package deliveries, government refunds, As scams become more sophisticated, including bank credit issues, anyone can become a victim.”
And ENEA says, “4.8% of global messaging traffic is fraudulent…This is currently pervasive in the messaging ecosystem, with 19.8 billion to 35.7 billion fraudulent messages sent in 2023…Brands Fraudulent messages are costing us $1.16 billion.” ”
So the advice isn’t just about Vultur, it’s more general. These days, if you fall victim to a scam, it’s more likely to happen via your smartphone.
“SMS is as simple as it was when it was first delivered,” said Jake Moore from ESET. “But their simplicity also makes them a prime target for scammers. An unknown phone number associated with a text message is more likely to be accepted and much easier to manipulate than a dubious email address with the same content. It’s amazing that this technology is still so trusted around the world.”
And that’s the crux of the matter. Pay attention the next time your phone pings…
follow me twitter Or LinkedIn.
[ad_2]
Source link
