fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Malicious Android App Steals Malaysian Bank Credentials, MFA codes

Malicious Android App Steals Malaysian Bank Credentials, MFA codes

A fake Android app is masquerading as a housekeeping service to steal online banking credentials from the customers of eight Malaysian banks.

The app is promoted through multiple fake or cloned websites and social media accounts to promote the malicious APK, ‘Cleaning Service Malaysia.’

This app was first spotted by MalwareHunterTeam last week and was subsequently analyzed by researchers at Cyble, who provide detailed information on the app’s malicious behavior.

“cleaningservicemalaysia.apk”: 7845bb247dbfad94018047afbb2f5e1d9e54752b620d995033c695d9a2d104a0 pic.twitter.com/wx6nM2GFdX— MalwareHunterTeam (@malwrhunterteam) November 25, 2021

Phishing process

Upon installing the app, users are requested to approve no less than 24 permissions, including the risky ‘RECEIVE_SMS,’ which allows the app to monitor and read all SMS texts received on the phone.

This permission is abused for monitoring SMS texts to steal one-time passwords and MFA codes used in e-banking services, which are then sent to the attacker’s server.

Also Read: Thinking of Shredding or Burning Paper? Here’s What You Should Know

Exfiltrating SMS content from the victim's device
Exfiltrating SMS content from the victim’s device.
Source: Cyble

Once launched, the malicious app will display a form asking the user to reserve a house cleaning appointment.

Fake house cleaning reservation
Fake house cleaning reservation
Source: Cyble

Once the user enters their cleaning service details (name, address, phone number) on the fake app, they are prompted to select a payment method.

Selecting the e-banking services on the app
Selecting the payment method in the app
Source: Cyble

This step offers a selection of Malaysian banks and internet banking options, and if the victim clicks on one, they are taken to a fake login page created to mimic the appearance of the real one.

This login page is hosted on the actor’s infrastructure, but of course, the victim has no way to realize that from inside the app’s interface.

Also Read: What Legislation Exists in Singapore Regarding Data Protection and Security?

Phishing layout mimicking the real login page.
Phishing layout mimicking the real login page.
Source: Cyble

Any banking credentials entered in this step are sent directly to the actors, who can use them along with an intercepted SMS code to access the victim’s e-banking account.

Signs of fraud

Some clear signs of fraud in the social media accounts that promote these APKs are their low follower count and the fact that they were created very recently.

Another issue is a mismatch in the provided contact details. Because most of the decoy sites picked real cleaning services to mimic, telephone numbers or email differences are a big red flag.

Fake housekeeping site created by threat actors
Fake housekeeping site created by threat actors
Source: Cyble

The requested permissions also indicate something is not right, as a cleaning service app does not have a legitimate reason to request access to a device’s texts.

To minimize the chances of falling victim to phishing attacks of this kind, only download Android apps from the official Google Play Store.

Furthermore, always review the requested permissions carefully and do not install an app that is asking for greater privileges than it should require for its functionality.

Finally, keep your device up to date by applying the latest available security updates and using a mobile security solution from a reputable vendor.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us