
© 2021 CyberNews - Latest tech news, product reviews, and analyses.

Beware using postal and parcel apps

by Chris Stokel-Walker
11 August 2020
As we’re ordering more online, the attack vectors for hackers become more obvious

Cybercriminals know how to capitalize on changes in society – and the resurgence of a long-feared strain of mobile malware shows that hackers are adapting to the way we’re all shopping. FakeSpy, an Android-based mobile malware strain that first emerged in October 2017, has seen a comeback in recent months.

When it came to fame in 2017, FakeSpy initially targeted users in South Korea and Japan. But its new use is going global, according to cybersecurity researchers at Cybereason Nocturnus: it’s been seen in China, Taiwan, France, Switzerland, Germany, the United Kingdom, and the United States.

The malware is being hidden in apps that purport to be those supported by postal services and courier companies operating in those countries, requesting permission to access SMS messages and other data, including contact lists. 

Hitting people where it hurts

The vector of attack is a logical one, given the strange times in which we live. Worldwide lockdowns and the forced closure of many non-essential shops have resulted in a mass migration to online shopping.

The UK’s Office for National Statistics (ONS) shows that the share of retail spending online jumped from around 19% in 2019 to 33.4% in May 2020 – the highest the ONS has ever recorded. At the same time, online shopping has increased everywhere else, including a 20% year-on-year jump in the United States as the coronavirus really hit the country.

All those additional parcels purchased online have to be delivered, and customers love to track them. As a result, we’re seeing more reliance on tracking apps – which is where the cybercriminals have spotted their point of entry.

Souped-up malware

But the modern version of FakeSpy isn’t just the same old malware repurposed to meet the vulnerabilities of these times. It’s been improved upon, and Cybereason says that Roaming Mantis, the Chinese-speaking group believed to be behind the malware, are updating the malware weekly to avoid detection.

FakeSpy gets onto devices through a smishing attack – or SMS phishing. Users receive a text message pretending to be from a postal service encouraging them to download the malware-laden app in order to track their package. Once they do, the malware “exfiltrates and sends SMS messages, steals financial and application data, reads account information and contact lists, and more,” according to the researchers.

Among the companies whose apps have been spoofed by the FakeSpy malware are Deutsche Post, USPS (the US postal service), Britain’s Royal Mail, France’s La Poste, and Swiss Post. 

Real websites, fake apps

The app takes advantage of Android’s WebView, an extension of the View class, which makes it easier to con users. When launched, the apps containing the malware use WebView to redirect users to the legitimate company’s website, all while hiding the exfiltration of data that’s going on behind the scenes.

The information that the malware takes away from a user’s phone is relatively comprehensive. It looks at a phone’s number, contacts, text messages, and more, and can be used to develop a pattern of behavior that could then be used for more serious attacks.
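The permission requests described above are visible in an app's manifest before it is ever installed. The following is an added example, not code from Cybereason or the original article: a defender's triage check that flags a supposed parcel-tracking app whose package name differs from the publisher's and which asks for SMS or contact access. It assumes the APK's manifest has already been decoded to plain XML; the package names and sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permissions that map to the data the article says FakeSpy collects.
RISKY = {
    "android.permission.READ_SMS": "read stored text messages",
    "android.permission.RECEIVE_SMS": "intercept incoming text messages",
    "android.permission.SEND_SMS": "send text messages",
    "android.permission.READ_CONTACTS": "read the contact list",
}

def triage(manifest_xml, expected_package):
    """Return a list of findings for a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    findings = []
    package = root.get("package")
    if package != expected_package:
        findings.append(
            f"package {package!r} is not the publisher's {expected_package!r}")
    requested = {el.get(ANDROID_NS + "name")
                 for el in root.iter("uses-permission")}
    for perm in sorted(requested & set(RISKY)):
        findings.append(f"requests {perm}: can {RISKY[perm]}")
    return findings

# Constructed sample: an app posing as a postal tracker (hypothetical names).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.parcel.tracker">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

# Constructed sample: a tracker that only needs network access.
OFFICIAL = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.postal">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for line in triage(SUSPECT, "com.example.postal"):
        print(line)
```

A tracking app that merely displays a website has no functional need for any of the four flagged permissions, which is why their presence alongside a mismatched package name is worth escalating.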

The link to a Chinese-speaking hacking collective is perhaps most concerning for those watching developments here. The expansion of the target markets from Asia to the West is also a worry for those watching how things develop, as it indicates increasing attempts to spread this malware beyond the immediate area around China.

The advice for how to remain safe while adapting to the new norm of online deliveries and the companies’ associated apps is simple: stick solely to official app stores, rather than relying on potentially shady links delivered in SMS messages.
