ADVERTISEMENT

Verified Android vendor targets mobile payment systems with web injects

Credential-harvesting web injects targeting mobile banking were sold on the dark web along with cryptocurrency apps.

Android web injects

Image from Shutterstock

Paulina Okunytė
Paulina Okunytė Senior Journalist
Feb 1, 2023 Updated: 2 February 2023 1 min read
Tor-based Online Shop InTheBox
Tor-based Online Shop InTheBox. Image by Cyble

How does a web inject work?

ADVERTISEMENT
overlay harvesting credentials
Overlay interface harvesting credentials. Image by Cyble

How to stay safe?

  1. Download and install software only from trusted sources such as official app stores.
  2. Invest in licensed anti-virus software and keep it updated at all times.
  3. Be wary of opening any links received via messages or emails from unknown sources on your phone.
  4. Enable Google Play Protect on your Android device to stay protected.
  5. Exercise caution while granting any app permissions.
  6. Keep your devices, operating systems, and applications up-to-date.
  7. Pay close attention to security features provided in the latest software updates, and be wary of any prompts for additional inputs such as payment card details.
  8. If you suspect that your device may have been infected, try performing a factory reset or removing the suspect application.
ADVERTISEMENT