silversurfer
Japanese cybersecurity experts have identified a new variant of the FakeCop info stealer hiding behind the name of ‘Anshin Security,’ a legitimate privacy service app for Android by NTT Docomo. The spyware is distributed as a malicious APK through phishing links sent via email or SMS, masked as the Japanese company KDDI. The malware also registered on 22 out of 62 AV engines on VirusTotal, which indicates that it has been developed to stay hidden across many parameters.
According to the cybersecurity firm Cyble, it collects SMS messages, contacts, account information, the app list, and device hardware information (IMEI), modifies or deletes SMS messages in the device database, and sends SMS messages without the user’s knowledge.
FakeCop also uses the free dynamic DNS service ‘duckdns.org’ for delivery, which was also used for other malware, Medusa and Flubot. From that, the researchers have speculated that FakeCop might be a new malware from the same operators as Medusa and Flubot.
Users are advised to use the latest version of Google Play Protect, keep it activated, and not click on unconfirmed URL links in SMS and email. They can also avoid installing APK files from outside the Google Play Store to avoid FakeCop and other malware.
New Android Spyware Threat Poses as Antivirus in Japan
An Android spyware is spreading rapidly in Japan, disguised as an anti-virus software. The malware is a new variant of FakeCop parading as 'Anshin Security,' flagging other antivirus for deletion while gathering a wide range of user data. The distribution is based on malicious URLs sent via...
www.technadu.com