In this case, the new and aggressive campaign to capture authentication data on BBVA customers. This is a new method which is similar to BBVA and Santander SMS scam but has a new attack method. Again, they act like a bankbut the APK you’re invited to install is quieter than ever.

A new method to steal user data

simple twitter search makes it clear that we are facing a new campaign to steal user data. In this case, a message will appear stating this. our account has been suspended and to login we need to do this via the ‘BBVA Protect’ application.

In other cases, it is stated that we will not be able to use our account after X days and it is mandatory to download BBVA Protect to prevent the account from being blocked. If we download the specified application and give permissionWe will let them steal our text messages.

After that consult experts, tell us this malware works differently from the Trojan Horse Flubot, which hides behind banking scam and messaging apps. In this case, the app works like a security app, with an interface that simulates performing certain analyzes and checks.

“After installation, the application requests permission to access text messages under the premise that they are being scanned.” Linuxct, cybersecurity expert.

But what it actually does is send data to the server in order to steal two factor authentication messages that banks send us and abuse the “android.permission.RECEIVE_SMS” permission. In an other saying, stealing information from SMS to get data about our login. The domain the malware refers to has been registered since 2020, but first spotted a few days ago.

As we always say, in general, a bank will never invite you to install an app from SMS and much less, an APK outside of the Play Store. Don’t trust, don’t download anything and in case of mistake, don’t allow such apps so they can’t steal our information.