Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Housekeeping Services. Show all posts

Android App Enacting as a Housekeeping Service Steal Malaysian Individuals Bank Credentials

 

A bogus Android software poses as a housekeeping service to obtain online banking passwords from clients of eight Malaysian banks. To market the fraudulent APK, 'Cleaning Service Malaysia,' the software is promoted through multiple false or duplicated websites and social media profiles. 

This software was discovered by MalwareHunterTeam last week and was then investigated by Cyble researchers, who provided thorough information on the app's dangerous activity. 

When customers install the app, they are asked to authorize at least 24 permissions, including the hazardous 'RECEIVE SMS,' that allows the program to observe and read any SMS texts received on the phone. 

This privilege is misused by intercepting SMS messages to collect one-time passwords and MFA codes for e-banking services, that are subsequently forwarded to the attacker's server. When the infected app is launched, it will display a form asking the user to schedule a house cleaning service. The user is asked to select a payment option after entering their cleaning service details (name, address, phone number) into the bogus app. 

This phase displays a list of Malaysian banks and internet banking alternatives, and if the victim clicks on one, they are directed to a phony login page designed to seem like the actual one. 

Every login page is hosted on the actor's server, however, the victim seems to have no means of knowing from within the app's interface. Any banking information entered in this phase is given straight to the attackers, who can use them in conjunction with an acquired SMS code to get access to the victim's e-banking account.

The low follower count and recent creation date of the social media profiles that promote these APKs are apparent indicators of fraud. 

An additional problem is a mismatch in the contact information provided. Because the majority of the decoy sites chose legitimate cleaning services to impersonate, variations in phone numbers or email addresses are a major red flag. The requested privileges also signal that something is wrong because a cleaning service software has no logical reason to request access to a device's texts. 

To reduce the possibility of falling prey to this type of phishing attempt, one must only download Android apps from the authorized Google Play Store. 

Moreover, one should always carefully evaluate the permissions asked and must not download an app that requests more permissions than it should for its functionality. 

Finally, keep the device up to date by installing the most recent security updates and employing a trusted vendor's mobile security solution.