Researchers from the ThreatFabric company spoke about a new vishing scheme (aka «voice fishing»), in which attackers trick victims into installing Copybara Android malware on their devices.
우리도 그렇게 썼다는 것을 상기시켜 드리겠습니다. Experts described how 기계적 인조 인간 malware infiltrates the Google Play Store, 그리고 그것도 Malware Roaming Mantis Devours Thousands of Devices around the World.
Experts have discovered a network of phishing sites targeting users of Italian banks. 사실은, these resources are designed to swindle the contact details of the victims. The collected information is then used in vishing or phone-based attacks, 그건, attackers call victims using data from fraudulent sites.
Attack Scheme
일반적으로, the caller poses as a bank help desk employee and instructs the person on the other end of the line to install a “security app” and grant them all the necessary permissions. 사실은, this application is a malware designed to gain remote access to the device or commit financial fraud.
In the campaign described by the researchers, scammers distribute malware dubbed 복사 가능. This is a mobile Trojan first discovered back in November 2021, which is used mainly for overlay attacks targeting Italian users. Experts note that Copybara is often confused with another similar malware family known as BRATA.
According to ThreatFabric, the Copybara distribution campaign has been going on for about a year now.
Like many Android malware, RAT Copybara relies on abusing the Accessibility services API to collect sensitive information and even remove the downloader app to cover its tracks.
게다가, analysts noticed that the malware delivers another malware to the victim’s device, SMS Spy, which allows attackers to access all incoming SMS messages and intercept one-time passwords sent by banks.
Experts write that in general, such attacks are more difficult for attackers to execute and maintain, but they are becoming more popular, along with classic Google Play Store droppers, fraudulent advertising and SMS phishing.
코멘트를 남겨주세요