Italian Android users called to install malware

Italian Android users are the target of a phishing attack in which they are called and tricked into installing malware that allows criminals to access their bank account, security firm ThreatFabric said. The attack begins with a message that appears to come from an Italian bank and points victims to a phishing site. The phishing page asks for the victim's telephone number, PIN code and account number.

In some cases, victims are also asked to provide the secret questions and answers they filled in when they previously registered with the bank. After victims have entered the data, a message appears saying that a "bank employee" will call them. The previously entered phone number is used for this call. The so-called bank employee tells the victim that they have to install a "security" app.

In reality, it is an Android banking Trojan called "Copybara" that allows attackers to gain access to the victim's device. Fraud is then committed from the victim's device with the previously obtained data. The malware can also delete the original banking app, making it more difficult to detect the fraud.

According to ThreatFabric, "telephone-oriented attack delivery" (TOAD) is becoming increasingly popular with criminals. The firm says the personal approach, combined with social engineering techniques, gives a high chance that the malware is successfully installed. Attackers are also said to regularly install legitimate remote access software that is not detected by antivirus software.