New Android Spyware Threat Poses as Antivirus in Japan


Japanese cybersecurity experts have identified a new variant of the FakeCop info stealer hiding behind the name of a legit privacy service app for Android by NTT Docomo called ‘Anshin Security.’ The spyware distributes a malicious APK through phishing links sent via email or SMS that masquerade as the Japanese company KDDI. The malware was also detected by 22 out of 62 AV engines on VirusTotal, which indicates that it has been developed to stay hidden across many parameters.

According to the cybersecurity firm Cyble, it collects SMS messages, contacts, account information, the app list, and device hardware information (IMEI), modifies or deletes SMS messages in the device database, and sends SMS messages without the user’s knowledge.
FakeCop also uses the ‘’ free dynamic DNS used to deliver, which was also used for other malware Medusa and Flubot. From that, the researchers have speculated that FakeCop might be a new malware from the same operators as Medusa and Flubot.

Users are advised to use the latest version of Google Play Protect, keep it activated, and not click on unconfirmed URL links in SMS and email. They can also avoid installing APK files from outside the Google Play Store to avoid FakeCop and other malware.