Phishing Scam: Japanese Telecom Users’ Credentials Stolen by Fake Android Apps


With social networking on the rise, phishing is becoming more common every day. It is one of the most widespread Internet scams and among the most common cybercrimes affecting consumers and organizations around the world.

Phishing is the practice of obtaining sensitive information such as usernames, passwords, social security numbers, or financial details, as well as personal information such as birth dates, names, and addresses, by masquerading as a trustworthy or familiar entity.

Recently, Cyble Research Labs discovered an Android-based phishing campaign targeting customers of Japanese telecommunications providers.

“According to our investigation, the Threat Actor(s) (TA) behind this operation has hosted many domains and is spreading a fake version of the legitimate Telecommunication network’s Android app. After examining the sample, we discovered that the malware engages in phishing activities to get credentials and session cookies. It then uploads this information to the TA’s email using Simple Mail Transfer Protocol (SMTP),” explained Cyble Research Labs.

How Much Damage Happened?

According to the study, the attackers set up numerous domains to distribute a fake copy of a telecommunications provider’s Android app.

  • The fake app steals account credentials as well as session cookies, so an attacker can reuse an authenticated session without the password.
  • Researchers identified over 2,900 stolen credentials/cookies during this campaign, associated with 797 Android and 2,141 Apple mobile devices.
  • The app requests only a few permissions, which is enough for the attacker to learn about the device’s network connections.

How Does The Malware Operate?

On launch, the malicious app prompts the user to turn off Wi-Fi and connect over the cellular network, a step that likely matters because carrier portals can identify the subscriber line over the mobile network but not over Wi-Fi. The app then loads the official website of the telecommunications provider’s payment service. Login on that site uses a network PIN that the subscriber receives when the subscription is confirmed and later uses to prove their identity or change account settings.

The app renders the official payment URL inside a WebView, so the victim sees the genuine page while the app in front of it captures the PIN and credentials that are typed in, together with the session cookies issued after login. Malicious strings inside the app are obfuscated to hinder reverse engineering and detection. The captured data is then sent to an attacker-controlled email address via Simple Mail Transfer Protocol (SMTP).
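The stages above (WebView pointed at the carrier site, a JavaScript bridge or cookie access to harvest what the victim enters, an SMTP client to send it out, and interest in the device’s network state) leave recognisable traces in a decompiled app. The following triage script is an added example written for this article, not Cyble’s tooling or the malware itself. It scans a list of strings such as `strings` or a decompiler would produce for those indicators, also trying a base64 decode of any string that looks encoded, since the report notes the app hides its malicious strings. The indicator names, the carrier URL, the SMTP host and the sample string list are all constructed for the example.

```python
"""Triage strings from a decompiled Android app for the WebView-phishing,
cookie-harvesting and SMTP-exfiltration pattern described above.
Example code for this article; the indicators and sample data are
constructed, not taken from the actual campaign."""
import base64
import binascii
import re

# Indicator patterns keyed by the stage of the campaign they point at.
# Each string is matched in plain form and, if it looks base64-encoded,
# in decoded form as well.
INDICATORS = {
    "webview_page": re.compile(r"android/webkit/WebView|\bloadUrl\b"),
    "js_bridge": re.compile(r"addJavascriptInterface"),
    "cookie_harvest": re.compile(r"CookieManager|\bgetCookie\b"),
    "smtp_exfil": re.compile(
        r"javax/mail|mail\.smtp\.|\bsmtp\.[a-z0-9.-]+|:(?:25|465|587)\b",
        re.IGNORECASE,
    ),
    "network_probe": re.compile(
        r"ACCESS_NETWORK_STATE|ConnectivityManager|setWifiEnabled|wi-?fi",
        re.IGNORECASE,
    ),
}

# Cheap shape check before attempting a decode: base64 alphabet only,
# at least 8 characters, optional padding.
B64_SHAPE = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")


def try_base64(s):
    """Return the decoded text if `s` is base64 that decodes to printable
    ASCII, otherwise None. Plain identifiers are rejected by the length
    and alphabet checks; binary blobs by the printable check."""
    if len(s) % 4 or not B64_SHAPE.match(s):
        return None
    try:
        raw = base64.b64decode(s, validate=True)
    except (binascii.Error, ValueError):
        return None
    if raw and all(32 <= b < 127 for b in raw):
        return raw.decode("ascii")
    return None


def scan_strings(strings):
    """Map each indicator name to the original strings that triggered it
    (directly or via their base64-decoded form), in input order."""
    findings = {name: [] for name in INDICATORS}
    for s in strings:
        candidates = [s]
        decoded = try_base64(s)
        if decoded:
            candidates.append(decoded)
        for name, pattern in INDICATORS.items():
            if any(pattern.search(c) for c in candidates) and s not in findings[name]:
                findings[name].append(s)
    return findings


def assess(findings):
    """Turn the findings into a verdict: the full chain (WebView + cookie
    access + SMTP client) is what distinguishes this campaign from an
    ordinary app that merely embeds a web page."""
    hit = {name for name, matches in findings.items() if matches}
    if {"webview_page", "cookie_harvest", "smtp_exfil"} <= hit:
        return "high: WebView credential/cookie harvesting with SMTP exfiltration"
    if "smtp_exfil" in hit:
        return "medium: embedded SMTP client, review what it sends and to whom"
    return "low: no exfiltration indicators"


# Constructed sample standing in for the string dump of a decompiled app.
# Two indicators are base64-encoded the way a string-obfuscating build
# would ship them (encoded here so the sample stays readable).
SAMPLE_STRINGS = [
    "Landroid/webkit/WebView;",
    "loadUrl",
    "https://payment.example-carrier.invalid/login",  # hypothetical carrier URL
    "addJavascriptInterface",
    base64.b64encode(b"Landroid/webkit/CookieManager;").decode(),
    base64.b64encode(b"smtp.example.com:587").decode(),  # hypothetical SMTP host
    "android.permission.ACCESS_NETWORK_STATE",
    "Please switch off Wi-Fi and use the mobile network",
    "Ljava/lang/String;",
]

if __name__ == "__main__":
    result = scan_strings(SAMPLE_STRINGS)
    for name, matches in result.items():
        print(f"{name:15} {matches}")
    print(assess(result))
```

Run as-is, the script flags all five stages and returns the high verdict. The base64 step is the one concession to obfuscation; strings that are XOR- or AES-decrypted only at runtime will not be recovered this way, so a clean static result on a suspicious sample still calls for dynamic analysis, for example running the app in an emulator and watching for an outbound SMTP session on port 25, 465 or 587 after a login attempt.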

How Can Phishing Attacks Be Prevented?

There are several measures an organization can take to protect itself from phishing. It is critical that staff understand the types of attacks they may encounter, the risks involved, and how to respond. Informed personnel and properly secured systems are the foundation of any defence against phishing.

Here are some methods that a company can take to protect itself from phishing:

  • Educate your staff and run simulated phishing exercises as part of training.
  • Install a spam filter that flags malware, blank senders, and similar red flags.
  • Update all systems with the most recent security patches.
  • Install an antivirus solution, schedule signature updates, and monitor antivirus status on all devices.
  • Create a security policy that addresses password expiration and complexity, among other things.
  • Install a web filter to block access to known malicious websites.
  • Encrypt all important company data.
  • Convert HTML emails to text-only, or block HTML emails entirely.
  • Require employees who work remotely to use encrypted connections.

Rogue Logics provides in-depth security services for the assessment and protection of your application, data, and infrastructure against potential threats on-prem or in the cloud.

For a consultation with the professionals at Rogue Logics, contact us and get a free quote.