Credentials Stealing Android App Spreading via SMS Text Message

Credentials Stealing Android App Spreading via SMS Text Message

Would you share this Article with others?

Security researchers at FireEye have discovered a malicious Android app (malware) created by cybercriminals that phish for or harvest credentials (usernames and passwords) for popular social networking and banking websites. The malicious Android app is being spread by SMS Text messages. The fake or phishing SMS text messages below are some of the few that are being sent to potential victims by cybercriminals, which will download and install the malicious Android app on their mobile devices.

The Phishing SMS Text Messages

  • “We could not deliver your order. Please check your shipping information here http://bit .ly/1ZfcNeV”
  • “Vi kunne ikke levere din ordre. Kontroller venligst dine forsendelsesoplysninger her http://bit.ly/1ZfcNeV”

Remember, the link in the phishing SMS text messages will download and install the malicious Android app on the victims’ mobile devices when clicked or tapped. Therefore, recipients of the malicious SMS texts are asked to delete them, and should never click on the link in them.

Now, this is why it is not recommended that mobile users click on links they have received in unsolicited SMS text or emails messages to install mobile apps. It is recommended that Android users only install apps from the Google Play Store.

How The Malicious App Works?

Once potential victims’ mobile devices are infected, the malicious app will invisibly place itself over the most popular apps on the mobile devices, or create an overlay. Once the users of the infected devices tap or click on the “overlay” app, the malicious app shows a fake sign-in window or view. And, once the mobile users attempt to sign-in, thinking they are signing into the legitimate app, the malicious app will send their credentials to cybercriminals via a remote computer server. Once cybercriminals have their potential victims’ credentials, they will hijack their accounts and use them fraudulently.

Victims of the credential stealing Android app are asked to change their social media and other online account passwords, and remove unknown apps from their mobile devices. They should also ensure that they have antivirus installed on their mobile devices.

Note: Some of the names, addresses, email addresses, telephone numbers or other information in samples on this website may have been impersonated or spoofed.

Please share what you know or ask a question about this article by leaving a comment below. Also, check the comment section below for additional information, if there is any.

Remember to forward suspicious, malicious, or phishing email messages to us at the following email address: info@onlinethreatalerts.com

Also, report missing persons, scams, untrustworthy, or fraudulent websites to us. Tell us why you consider the websites untrustworthy or fraudulent.

If you want to quickly find answers to your questions, use our search engine.

You can help maintain Online Threat Alerts (OTA) by paying a service fee. Click here to make payment.

Comments, Questions, Answers, or Reviews
There are no comments as yet, please leave one below or revisit.

To help protect your privacy, please do not post or remove, your full name, telephone number, email address, username, password, account number, credit card information, home address or other sensitive information in or from your comments, questions, or reviews.

Write Your Comment, Question, Answer, or Review
Write your comment, question, answer, or review in the box below to share what you know or to get answers. NB: We will use your IP address to display your approximate location to other users.
Your comment, question, answer, or review will be posted as an anonymous user because you are not signed in. Anonymous posts cannot be edited or deleted. Sign-in.

Credentials Stealing Android App Spreading via SMS Text Message