8-8-2024 (SINGAPORE) A widespread cyber campaign targeting Android devices has been uncovered, prompting warnings from security experts about the potential theft of sensitive SMS data, including one-time passwords (OTPs). The Cyber Security Agency of Singapore (CSA) issued an alert on 6 August, highlighting the risks posed by this mobile malware.
The malicious software, which has been active since 2022, is designed to intercept and retrieve OTPs sent via SMS. These codes are crucial for account registrations and two-factor authentication, serving as an additional layer of security for sensitive information and applications. By compromising these codes, cybercriminals can potentially gain unauthorised access to corporate networks and confidential data.
Mobile security firm Zimperium first raised the alarm about this campaign on 31 July, revealing that victims have been identified in 113 countries. Russia and India appear to be the primary targets of this global threat. However, a CSA spokesperson stated that no local incidents have been reported in Singapore thus far.
The malware is distributed in two ways. One approach involves malicious advertisements that trick users into clicking links leading to fake Google Play pages. These pages display inflated download counts for malware-infected apps, enticing unsuspecting users to install what they believe to be legitimate applications.
The second method utilises Telegram bots, which offer users seemingly premium apps for free in exchange for their phone numbers. The malware is then generated, disguised as an Android application package (APK), potentially setting the stage for future targeted cyber attacks.
Once installed, the malicious app requests access to the victim’s SMS messages, enabling the theft of sensitive information.
The scale of this campaign is significant, with Zimperium researchers identifying over 107,000 unique malware apps associated with the operation. Additionally, they have uncovered a network of approximately 2,600 Telegram bots involved in distributing these malicious applications.
This revelation underscores the growing sophistication of cyber threats targeting mobile devices. Android users are advised to exercise caution when downloading apps, particularly from unfamiliar sources or through unconventional channels. Experts recommend sticking to official app stores, regularly updating devices and security software, and being wary of requests for SMS access from newly installed applications.
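The advice above about SMS access and unofficial sources can be turned into a device audit; the following is an added example, not code from CSA or Zimperium, that flags apps installed from outside an official store which hold SMS permissions. It assumes text in the style of `pm list packages -3 -i` and `dumpsys package <pkg>` output collected over adb; the package names, the sample data and the trusted-installer list are constructed for illustration.

```python
import re

# Permissions that let an app read or intercept SMS (real Android permission names).
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
# Assumption: installers treated as official stores; adjust to your own policy.
TRUSTED_INSTALLERS = {"com.android.vending"}

PKG_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")
PERM_RE = re.compile(r"^\s*(android\.permission\.\w+): granted=(true|false)")

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -3 -i` style lines."""
    out = {}
    for line in pm_output.splitlines():
        m = PKG_RE.match(line.strip())
        if m:
            out[m.group(1)] = m.group(2)
    return out

def granted_sms_perms(dumpsys_output):
    """Return SMS permissions marked granted=true in `dumpsys package` text."""
    found = set()
    for line in dumpsys_output.splitlines():
        m = PERM_RE.match(line)
        if m and m.group(2) == "true" and m.group(1) in SMS_PERMS:
            found.add(m.group(1))
    return found

def audit(pm_output, dumpsys_by_pkg):
    """List (package, installer, perms) for non-store apps holding SMS access."""
    findings = []
    for pkg, installer in sorted(parse_installers(pm_output).items()):
        perms = granted_sms_perms(dumpsys_by_pkg.get(pkg, ""))
        if perms and installer not in TRUSTED_INSTALLERS:
            findings.append((pkg, installer, sorted(perms)))
    return findings

# Constructed sample data (not from a real device or from the campaign).
SAMPLE_PM = """package:com.example.notes  installer=com.android.vending
package:com.example.premiumplayer  installer=null
package:com.example.flashlight  installer=com.android.vending"""
SAMPLE_DUMPSYS = {
    "com.example.notes": "  android.permission.CAMERA: granted=true, flags=[ USER_SET]",
    "com.example.premiumplayer": "  android.permission.READ_SMS: granted=true, flags=[ USER_SET]\n"
                                 "  android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET]",
    "com.example.flashlight": "  android.permission.READ_SMS: granted=false, flags=[ USER_SET]",
}

if __name__ == "__main__":
    for pkg, installer, perms in audit(SAMPLE_PM, SAMPLE_DUMPSYS):
        print(f"{pkg} (installer={installer}): {', '.join(perms)}")
```

A store-installed app that legitimately needs SMS access is not flagged here, so a finding is a prompt to review the app, not proof of infection.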