• About Us
  • Contact
  • Careers
  • Send Us a Tip
Menu
  • About Us
  • Contact
  • Careers
  • Send Us a Tip
CyberNews logo
Newsletter
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
Menu
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
CyberNews logo

Home » Security » Beware using postal and parcel apps

Beware using postal and parcel apps

by Chris Stokel-Walker
11 August 2020
in Security
0
man holding a phone with delivery message on the screen
0
SHARES
As we’re ordering more online, the attack vectors for hackers become more obvious

Cybercriminals know how to capitalize on changes in society – and the resurgence of a long-feared strain of mobile malware shows that hackers are adapting to the way we’re all shopping. FakeSpy, an Android-based mobile malware strain that first emerged in October 2017, has seen a comeback in recent months.

When it first came to fame in 2017, FakeSpy initially targeted users in South Korea and Japan. But the new use of it is going global, according to cybersecurity researchers Cybereason Nocturnus: it’s been seen in China, Taiwan, France, Switzerland, Germany, the United Kingdom, and the United States.

The malware is being hidden in apps that purport to be those supported by postal services and courier companies operating in those countries, requesting permission to access SMS messages and other data, including contact lists. 

Hitting people where it hurts

The vector of attack is a logical one, given the strange times in which we live. Worldwide lockdowns and the forced closure of many non-essential shops has resulted in a mass migration to online shopping.

The UK’s Office for National Statistics (ONS) shows that the share of retail spending online jumped from around 19% in 2019 to 33.4% in May 2020 – the highest the ONS has ever recorded. At the same time, online shopping has increased everywhere else, including a 20% year-on-year jump in the United States as the coronavirus really hit the country.

All those additional parcels purchased online have to be delivered, and customers love to track them. As a result, we’re seeing more reliance on tracking apps – which is where the cybercriminals have spotted their point of entry.

Souped-up malware

But the modern version of FakeSpy isn’t just the same old malware repurposed to meet the vulnerabilities of these times. It’s been improved upon, and Cybereason says that Roaming Mantis, the Chinese-speaking group believed to be behind the malware, are updating the malware weekly to avoid detection.

FakeSpy gets onto devices through a smishing attack – or SMS phishing. Users receive a text message pretending to be from a postal service encouraging them to download the malware-laden app in order to track their package. Once they do, the malware “exfiltrates and sends SMS messages, steals financial and application data, reads account information and contact lists, and more,” according to the researchers.

Among the companies whose apps have been spoofed by the FakeSpy malware are Deutsche Post, USPS (the US postal service), Britain’s Royal Mail, France’s La Poste, and Swiss Post. 

Real websites, fake apps

The app takes advantage of Android’s WebView extension to the View class, allowing users to be more easily conned. The apps containing the malware redirect users using the WebView extension to the legitimate company’s websites when they launch the app, all while hiding the secretion away of data that’s going on behind the scenes.

The information that the malware takes away from a user’s phone is relatively comprehensive. It looks at a phone’s number, contacts, text messages, and more, and can be used to develop a pattern of behavior that could then be used for more serious attacks.

The link to a Chinese-speaking hacking collective is perhaps most concerning for those watching developments here. The expansion of the target markets from Asia to the West is also a worry for those watching how things develop, as it indicates increasing attempts to spread this malware beyond the immediate area around China.The advice for how to remain safe while adapting to the new norm of online deliveries and the companies’ associated apps is simple: stick solely to official app stores, rather than relying on potentially shady links delivered in SMS messages.

ShareTweetShareShare

Related Posts

Telegram app on mobile

Watch out: there’s a new Telegram scam about

15 January 2021
Nohow International leaks sensitive worker data

12,000+ workers’ IDs, banking details, and other personal data leaked by UK staffing agency

14 January 2021
Email icon on laptop screen

How phishing attacks are evolving and why you should care

14 January 2021
Ransom message on laptop screen

Why ransomware attacks will explode in 2021

12 January 2021
Next Post
Two young men playing esports

Will the US Tencent ban end League of Legends esports?

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Popular News

  • 70TB of Parler users’ messages, videos, and posts leaked by security researchers

    70TB of Parler users’ messages, videos, and posts leaked by security researchers

    81962 shares
    Share 81952 Tweet 0
  • The ultimate guide to safe and anonymous online payment methods in 2021

    13 shares
    Share 13 Tweet 0
  • Tutanota vs. ProtonMail: which is the better secure email service?

    0 shares
    Share 0 Tweet 0
  • 1 million highly sensitive NSFW pictures leaked by Korean teen dating app

    59 shares
    Share 59 Tweet 0
  • Bitwarden Review

    0 shares
    Share 0 Tweet 0
NSFW: tech support workers share their oddest job experiences

NSFW: tech support workers share their oddest job experiences

15 January 2021
This fake TikTok service promises free followers but gives you free malware instead

This fake TikTok service promises free followers but gives you free malware instead

15 January 2021

These researchers create mouth-watering (but fake) pizza images. Why?

15 January 2021
Telegram app on mobile

Watch out: there’s a new Telegram scam about

15 January 2021
Samsung launches new flagship Galaxy S smartphone early, targets remote workers, gamers

Samsung launches new flagship Galaxy S smartphone early, targets remote workers, gamers

15 January 2021
An unintended consequence: can deepfakes kill video evidence?

An unintended consequence: can deepfakes kill video evidence?

14 January 2021
Newsletter

Subscribe for security tips and CyberNews updates.

Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!
Categories
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
  • VPNs
  • Password Managers
  • Secure Email Providers
  • Antivirus Software Reviews
Tools
  • Personal data leak checker
  • Strong password generator
About Us

We aim to provide you with the latest tech news, product reviews, and analysis that should guide you through the ever-expanding land of technology.

Careers

We are hiring.

  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.

Home

News

Editorial

Security

Privacy

Resources

  • In the News
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.

Subscribe for Security Tips and CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!