430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Fake Versions of World Cup 2014 Apps targeting Android users

Security Experts at Trend Micro have discovered different World Cup themed malicious application targeting Android mobile devices. The World Cup 2014 is an excellent occasion for cyber criminals to trick users with social engineering techniques into downloading any kind of malicious content. Of course mobile users are a privileged target for cyber criminals, different World Cup-themed […]

Fake Versions of World Cup 2014 Apps targeting Android users

Security Experts at Trend Micro have discovered different World Cup themed malicious application targeting Android mobile devices.

The World Cup 2014 is an excellent occasion for cyber criminals to trick users with social engineering techniques into downloading any kind of malicious content. Of course mobile users are a privileged target for cyber criminals, different World Cup-themed malicious apps have been detected by security experts in this period, Trend Micro recently warned users of the presence of fake versions of World Cup 2014 Apps. According to experts at Trend Micro more than 375 spurious apps are targeting Android users that are downloading them from third-party app stores.

“We found these malicious apps lurking in unauthorized/third party app download stores, just waiting for users to install them on their mobile devices. Upon analysis, we found that the bulk of the malware in question are variants of prevalent mobile malware families,” reports a blog post by Trend Micro.

The malware experts detected variants of Android trojan OpFake in the third-party app stores, the malicious code is currently adoèted in numerous scam schema, the researchers were principally concerned by malicious apps which were spreading “SMS Stealer” Android malware.

Another malware family very popular within malicious apps discovered is ANDROIDOS_SMSSTEALER.HBT, the version detected was improved with remote control capabilities which allows the attackers to execute commands on the victim’s devices, including a block of incoming texts, sending SMS to other numbers, or installing additional malicious applications.

Word Cup games app

 

Experts also discovered malicious World Cup apps with a new variant of malware dubbed ANDROIDOS_OPFAKE.HTG, a typical Premium Service Abuser which affected users find themselves charged with premium service fees that they never themselves purchased.

Slot Game Swindling is another profitable activity for World Cup scammers, as explained by the experts at Trend Micro, malicious World Cup slot game apps were detected as ANDROIDOS_MASNU.HNT.

The malicious apps implement filtering user payment confirmation messages, “so that users may not notice the real amount of money they’ve been paying when playing this game, and thus spend more without restraint.”

“Some football betting apps have also been found leaking information without user notification, as well as blatant security risks in their micropayment process. We advise users to be very careful with their financial and personal information when using these apps (or not to use them at all).” states the blog post.

Trend Micro detected many other World Cup-themed malicious apps which implements various routines for data stealing and pushing ad notifications/unwanted app advertisements.

Be aware, do not download applications from third-party app stores and adopt security solutions on their mobile devices.

Pierluigi Paganini

(Security Affairs –  World Cup 2014, mobile)