FakeSpy – an Android malware targeting users in South Korea and Japan allegedly made its first appearance around October 2017. The malware is now reportedly targeting users all around the world, especially users in China, Taiwan, France, Switzerland, Germany, United Kingdom, and the United States.
According to research from cybersecurity firm Cybereason, FakeSpy steals SMS messages and makes it possible to hijack financial data, account credentials, IMEI, application data, contacts, and more.
The malware apparently presents itself as a postal service app, which unsuspecting users may easily install. Once the application is installed, it requests permissions, which is then exploited to steal sensitive credentials.
The researchers have found FakeSpy malware to be masquerading as the following postal services: United States Postal Service, Royal Mail, Deutsche Post, La Poste, Japan Post, Yamato Transport, Chunghwa Post, and Swiss Post.
Based on the research, the team has concluded that a Chinese-speaking group named “Roaming Mantis” is behind FakeSpy. The group has allegedly operated similar campaigns.
“Roaming Mantis is believed to be a Chinese threat actor group first discovered in April 2018 that has continuously evolved. In the beginning, this threat group mainly targeted Asian countries. Now, they are expanding their activity to audiences all around the world,” says Ofir Almkias, a security researcher at Cybereason.
To stay on the safer side, we would recommend you not to install apps from shady third-party sources. You should consider sticking to Google Play Store whenever you’re in the pursuit of new apps. Moreover, you should keep “Install unknown apps” off to avoid a potential incident.
