With social networking on the rise, phishing is becoming more common with every passing day. Phishing is one of the most common cybercrimes affecting consumers and organizations all around the world, and one of the most popular Internet scams.
Phishing is the practice of obtaining sensitive information such as usernames, passwords, social security numbers, or financial information, as well as personal information such as birthdates, names, and addresses, by masquerading as a trustworthy or familiar entity.
Recently, Cyble Research Labs discovered an Android-based phishing campaign targeting customers of Japanese telecommunications providers.
“According to our investigation, the Threat Actor(s) (TA) behind this operation has hosted many domains and is spreading a fake version of the legitimate Telecommunication network’s Android app. After examining the sample, we discovered that the malware engages in phishing activities to get credentials and session cookies. It then uploads this information to the TA’s email using Simple Mail Transfer Protocol (SMTP),” explained Cyble Research Labs.
According to the study, attackers set up numerous domains to propagate a fake copy of a telecommunications provider’s Android app.
When launched, the malicious app prompts users to connect to the cellular network and turn off Wi-Fi. The fake app then redirects to the official website of the telecommunications payment provider. The login credential is a network PIN that the consumer receives when their subscription is confirmed.
The subscriber uses this PIN to authenticate their identity or update some settings. The app displays the official payments URL in a WebView and hides its malicious strings to hinder reverse engineering and detection. The stolen data is then transferred to an attacker’s email address via Simple Mail Transfer Protocol (SMTP).
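For analysts triaging a suspicious APK, the behaviour described above can be turned into a static check over decompiled sources. The following is an added example, not code from Cyble or from the sample. The API patterns, the verdict names and the sample file contents are assumptions constructed for illustration.

```python
import re

# Behaviour groups from the campaign description. The concrete API names are
# assumptions about how such an app could be built, not published indicators.
INDICATORS = {
    "webview": [r"\bWebView\b", r"\.loadUrl\("],
    "cookie_access": [r"\bCookieManager\b", r"\.getCookie\("],
    "smtp_send": [r"javax\.mail", r"mail\.smtp\.", r"Transport\.send\("],
}

def scan_sources(sources):
    """Map each behaviour group to the sorted list of files matching it.
    `sources` is {path: text}, for example decompiler output read from disk."""
    hits = {group: set() for group in INDICATORS}
    for path, text in sources.items():
        for group, patterns in INDICATORS.items():
            if any(re.search(p, text) for p in patterns):
                hits[group].add(path)
    return {group: sorted(paths) for group, paths in hits.items()}

def triage(sources):
    """Return (verdict, hits). A WebView alone is ordinary; cookie reads plus
    an SMTP client in the same app match the collect-and-upload flow."""
    hits = scan_sources(sources)
    present = {group for group, paths in hits.items() if paths}
    if present == set(INDICATORS):
        return "review", hits
    if {"cookie_access", "smtp_send"} & present:
        return "partial", hits
    return "no-match", hits

# Constructed sample inputs (hypothetical paths and code, not the real sample).
SAMPLE_SUSPECT = {
    "com/example/fake/MainActivity.java":
        "webView.loadUrl(paymentUrl);\n"
        "String c = CookieManager.getInstance().getCookie(paymentUrl);",
    "com/example/fake/Mailer.java":
        'props.put("mail.smtp.host", host);\nTransport.send(message);',
}
SAMPLE_BENIGN = {
    "com/example/shop/MainActivity.java": 'webView.loadUrl("https://shop.example/");',
}

if __name__ == "__main__":
    for name, sample in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(name, *triage(sample))
```

Because the app hides its strings, a "no-match" result does not clear a sample. The patterns lean on API references rather than host names or addresses for that reason.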
There are several steps an organization can take to protect itself from phishing. It is critical to ensure that staff understand the types of attacks they may encounter, the dangers they face, and how to deal with them. When defending your business against phishing attacks, informed personnel and adequately secured systems are critical.
Here are some steps that a company can take to protect itself from phishing:
Rogue Logics provides in-depth security services for the assessment and protection of your application, data, and infrastructure against potential threats on-prem or in the cloud.
Want a consultation with the professionals at Rogue Logics? Contact us and get a free quote.