A dangerous phishing campaign is currently spreading by SMS in France: the message, accompanied by a link, claims that you have received a package. The user is prompted to install a bogus Chrome update, which installs banking malware on the smartphone. The malware then attempts to steal your credentials by claiming that your bank account is “blocked”.
Scams have always existed, but thanks to smartphones they are becoming more and more sophisticated and dangerous. Of course, the majority of users detect these kinds of attempts before they can cause any damage. However, it is easy to fall into the trap, especially when you have little IT experience or knowledge. On average, 45% of users click on links received by SMS or email even when they do not know their origin.
The campaign unfolds as follows. The victim (whose contact details are probably part of a personal data leak…) receives a message, “Your package has been sent. Please check and receive it”, along with a short link. When the victim clicks on this link, the browser opens a page urging them to update their Chrome browser “for a better experience”.
BANK PHISHING CAMPAIGNS ARE MORE AND MORE VIRULENT
The page then downloads a suspicious APK file named “mxpcqpgjyk.apk” from outside the Google Play Store. At the end of the installation, the program requests a number of permissions, in particular access to your SMS, your calls and your contacts. Later, a screen appears stating that access to your bank account is blocked and must be reactivated. A page in the colors of your bank then asks you to enter your credentials in a form. This data is of course transmitted to the attackers' control server.
The criminals then have everything they need to rob their victim to the last penny: not only do they have the victim's credentials, but they can also read the codes received by SMS thanks to their malware. To make matters worse, the malware reads your contact list and sends your contacts the same text message in order to spread. If you recognize this phishing campaign, we obviously recommend that you do not click on the link.
If you installed the malware by accident, start by warning your contacts that they will receive a malicious SMS, and contact your bank to cancel any fraudulent transactions. There is no fix, so it seems reasonable to recommend that you then completely reset your Android smartphone to factory settings with a clean Android install. More generally, it is recommended never to download applications from outside the Google Play Store.
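The traits described above (an app installed from outside the Play Store that requests SMS, call and contact access while posing as Chrome) can be checked against a list of installed apps. The following is an added example, not part of the original article: the inventory and the `com.example.*` package names are constructed sample data, and the flagging rule is an assumption chosen for illustration.

```python
PLAY_STORE = "com.android.vending"   # installer package name of Google Play
REAL_CHROME = "com.android.chrome"   # package name of genuine Chrome

P = "android.permission."
# The three kinds of access the article says the fake update requests.
GROUPS = {
    "SMS": {P + "READ_SMS", P + "RECEIVE_SMS", P + "SEND_SMS"},
    "calls": {P + "READ_CALL_LOG", P + "CALL_PHONE", P + "READ_PHONE_STATE"},
    "contacts": {P + "READ_CONTACTS", P + "WRITE_CONTACTS"},
}

def signals(app):
    """Return the campaign traits this app shows, in a fixed order."""
    found = []
    if app.get("installer") != PLAY_STORE:
        found.append("sideloaded")
    perms = set(app.get("permissions", []))
    touched = [name for name, group in GROUPS.items() if perms & group]
    if len(touched) == len(GROUPS):
        found.append("requests " + ", ".join(touched))
    if "chrome" in app.get("label", "").lower() and app["package"] != REAL_CHROME:
        found.append("poses as Chrome")
    return found

def suspicious(inventory):
    """Flag apps that are sideloaded and show at least one further trait."""
    report = {}
    for app in inventory:
        found = signals(app)
        if "sideloaded" in found and len(found) >= 2:
            report[app["package"]] = found
    return report

# Constructed sample inventory (hypothetical apps, not taken from the campaign).
INVENTORY = [
    {"package": REAL_CHROME, "label": "Chrome", "installer": PLAY_STORE,
     "permissions": [P + "CAMERA", P + "INTERNET"]},
    {"package": "com.example.messenger", "label": "Messenger", "installer": PLAY_STORE,
     "permissions": [P + "READ_SMS", P + "READ_CONTACTS", P + "READ_CALL_LOG"]},
    {"package": "com.example.game", "label": "Puzzle", "installer": None,
     "permissions": [P + "INTERNET"]},
    {"package": "com.example.update", "label": "Chrome", "installer": None,
     "permissions": [P + "RECEIVE_SMS", P + "SEND_SMS", P + "READ_CONTACTS",
                     P + "READ_PHONE_STATE"]},
]

if __name__ == "__main__":
    for pkg, why in suspicious(INVENTORY).items():
        print(pkg, "->", "; ".join(why))
```

A Play Store messaging app with the same permissions is not flagged, and neither is a sideloaded app with no sensitive access; only the combination matches the behaviour described in the article.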