Kaspersky Lab cybersecurity expert Dmitry Kalinin talked about a new tactic that scammers have started using to gain access to online banking on Android devices.
Attackers began disguising remote access programs as banking applications and actively distributed them via instant messaging. Kalinin noted that in the past 11 days, the company has detected and prevented several hundred attacks using modified programs that had not previously been used in fraud schemes of this type.
Criminals create fake remote access apps by copying official apps that are also available on Google Play. They change the name of the program, icons, add information and visual elements of the bank, and also correct some text fields. Due to the fact that legitimate apps are open source, scammers have no difficulty creating fake apps based on them.
First, a potential victim is called posing as bank support staff and, under various pretenses, convinces a person to install a “support app” for national banks. They then send the app through messenger as an installation file. When a user installs this app on her device, the only thing left for criminals to do is obtain the data necessary for remote access to the device. After that, scammers can figure out the bank’s mobile app login credentials or gain access to the account to steal money.