|
Cybereason Discovers Cyber Criminals in China are Targeting Consumers With a Fake U.S Postal Service Mobile App
Thursday, July 9, 2020
Cybereason discovered the cyber crime group Roaming Mantis is luring consumers of postal service and transportation mobile apps into downloading fraudulent apps that look like they are from the US Postal Service, Royal Mail, Japan Post and Deutsche Post.
BOSTON, July 1, 2020 /PRNewswire-PRWeb/ -- Cybereason, a leader in endpoint protection, today published new research from its Nocturnus Research team, titled, FakeSpy Masquerades as Postal Service Apps Around the World, an investigation into a new global Android mobile malware campaign targeting users of mobile postal service and transportation apps such as the U.S. Postal Service, Japan Post, Royal Mail (United Kingdom), Le Poste (France) and Deutsche Post (Germany), amongst others. The campaign is being carried out by the Chinese cyber crime group often referred to as Roaming Mantis.
Roaming Mantis has upgraded FakeSpy malware, which dates back to 2017, to carry out his new campaign. FakeSpy is an information stealer that exfiltrates and sends SMS messages, steals financial and application data, reads account information and contact lists. The malware uses smishing, or SMS phishing, to infiltrate target devices, which is a technique that relies on social engineering. The attackers send fake text messages to lure the victims to click on a malicious link and the link directs them to a malicious web page.
Once installed on an Android device, the application requests permissions so that it may control SMS messages and steal sensitive data on the device, as well as proliferate to other devices in the target device's contact list. The threat actors use postal services themes in their SMS messages. For example, the user will get a pretext such as "missed delivery" or "your package can be collected at" and with a download link for a fake postal service or delivery service app.
"The ultimate motive of Roaming Mantis is financial as they are an organized cybercrime group operating from China for at least 3 years. It is difficult to estimate how many people are behind it, but it is a well oiled operation that keeps expanding. We refer to this type of global campaign as 'spray and pray' where the threat actors aren't focused on any particular individual but they try their luck, casting a rather wide net waiting for large volumes of people to take the bait," said Assaf Dahan, Senior Director, Head of Threat Research, Cybereason.
Earlier this year, Nocturnus discovered EventBot, new Android mobile malware targeting users of more than 200 financial apps, Paypal Business, Barclays, UniCredit, HSBC, CapitalOne, Santander, TransferWise, Coinbase and many more.
About Cybereason
Cybereason, creators of the leading Cyber Defense Platform, gives the advantage back to the defender through a completely new approach to cybersecurity. Cybereason offers endpoint prevention, detection and response and active monitoring. The solution delivers multi-layered endpoint prevention by leveraging signature and signatureless techniques to prevent known and unknown threats in conjunction with behavioral and deception techniques to prevent ransomware and fileless attacks. Cybereason is a privately held, international company, headquartered in Boston, MA with customers in more than 30 countries.
Learn more: https://www.cybereason.com/
Follow us: Blog | Twitter | Facebook
Media Contacts:
Bill Keeler
Senior Director, Global Public Relations
Cybereason
bill.keeler@cybereason.com
(929) 259-3261
SOURCE Cybereason
|
|
|
|
|
|
 |
ReasonLabs Unveils Major Updates to RAV VPN for Android Devices | Apr 16, 2024
|
|
GreyNoise Intelligence is a proud participant in the Microsoft Copilot for Security Partner Private Preview | Apr 16, 2024
|
|
Increase in ransomware attacks to healthcare's vulnerable remote access systems threatens patients | Apr 16, 2024
|
|
Anviz Unveils Innovative All-in-One Intelligent Security Solution for SMBs at ISC West 2024 | Apr 16, 2024
|
|
Hawai'i Introduces Its First-Ever Shopping Event In New York | Apr 13, 2024
|
|
Penetration Testing Market worth $3.9 billion by 2029 - Exclusive Report by MarketsandMarkets(TM) | Apr 11, 2024
|
|
Avast Continues Expansion of its Avast One Family of Products Adding Personalized, Modular Cyber Safety | Apr 11, 2024
|
|
Updated Monster Hunter Now Spoofing Method from Tenorshare iAnyGo - 2024 | Apr 11, 2024
|
|
Apiboost Now Available on Google Cloud Marketplace: Simplify External API Portal Management for Apigee | Apr 10, 2024
|
|
AV-Comparatives presents the TOP Cybersecurity Vendors for 2024 - Antivirus Test | Apr 10, 2024
|
|
|
|
