Cybercriminals create fake pages to obtain confidential data. (EFE/Sascha Steinbach)
Cybersecurity researchers have identified malicious apps used to steal the banking credentials of customers of eight Malaysian banks. The experts shared details of the scam as a preventive measure, since the technique can be replicated anywhere in the world.
Cybercriminals are trying to steal banking information using fake websites that pose as legitimate services. They often register domain names very similar to those of the official services and directly copy the design of the original site so as not to raise suspicion, Eset researchers explain.
This campaign was first described in late 2021. Back then, the attackers posed as the legitimate cleaning service Maid4u. The scam was distributed through Facebook ads that asked potential victims to download an app which in fact contained malicious code.
In January 2022, MalwareHunterTeam shared information about three other malicious websites and Android trojans attributed to this campaign. Eset researchers then found four more fake websites. All seven sites impersonate services available only in Malaysia: six of them offer cleaning services (Grabmaid, Maria's Cleaning, Maid4u, YourMaid, Maideasy and MaidACall) and the seventh is a pet store, PetsMore.
These fake websites do not offer the option to buy directly through them. Instead, they supposedly contain links to download the store's app from Google Play. When the user clicks one of these links, however, they are not redirected to the official Google store but to servers controlled by the cybercriminals, from which the malicious app is downloaded.
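The redirect trick above, and the advice later in this article to make sure a download really lands on Google Play, come down to one check: does the link's scheme, host and path actually belong to the Play store? The script below is an added example written for this article, not Eset's code or anything from the campaign. The Play host and path layout it assumes are taken from public Play URLs, and all the sample links are constructed to show the usual tricks (plain http, a look-alike subdomain, a fake host hidden in the userinfo part of the URL, a direct .apk download).

```python
"""Check whether an app-download link really points at Google Play.

Added example, not Eset's code. PLAY_HOST and PLAY_APP_PATH are assumptions
based on public Play URLs; every URL in SAMPLE_LINKS is constructed.
"""
from urllib.parse import urlsplit, parse_qs

PLAY_HOST = "play.google.com"   # official web store host (assumption)
PLAY_APP_PATH = "/store/apps"   # app listings live under this path (assumption)


def check_play_link(url: str) -> tuple[bool, str]:
    """Return (ok, reason). ok is True only for a genuine Google Play app link."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()

    # market://details?id=<package> is opened by the Play app itself
    if scheme == "market":
        if parts.netloc == "details" and parse_qs(parts.query).get("id"):
            return True, "market: deep link to a Play listing"
        return False, "market: link without a package id"

    if scheme != "https":
        return False, f"scheme is {scheme or 'missing'}, not https"

    # https://play.google.com@evil.example/... : the text before '@' is
    # userinfo, the real host is whatever follows it
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL hides the real host"

    host = (parts.hostname or "").lower().rstrip(".")
    if host != PLAY_HOST:
        # play.google.com.evil.example is a subdomain of evil.example, not of Google
        if PLAY_HOST in host or "google" in host:
            return False, f"look-alike host {host!r}"
        return False, f"host {host!r} is not Google Play"

    if parts.port not in (None, 443):
        return False, f"unexpected port {parts.port}"

    if not parts.path.startswith(PLAY_APP_PATH):
        return False, f"path {parts.path!r} is not an app listing"

    return True, "genuine Google Play app link"


# Constructed sample links: two genuine shapes and four common lures.
SAMPLE_LINKS = [
    "https://play.google.com/store/apps/details?id=com.example.cleaning",
    "market://details?id=com.example.cleaning",
    "http://play.google.com/store/apps/details?id=com.example.cleaning",
    "https://play.google.com.example-cdn.net/store/apps/details?id=com.example.cleaning",
    "https://play.google.com@download.example.net/store/apps/details",
    "https://download.example.net/files/cleaning-app.apk",
]


def audit(links):
    """Map each link to its (ok, reason) verdict."""
    return {u: check_play_link(u) for u in links}


if __name__ == "__main__":
    for url, (ok, why) in audit(SAMPLE_LINKS).items():
        print(("OK  " if ok else "BAD ") + url + "  <- " + why)
```

The host comparison is an exact match rather than `endswith("google.com")`, because a phishing page can register any name it likes and prefix it with `play.google.com.`; the userinfo check matters because a `@` in the URL makes the browser ignore everything before it when choosing the host.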
"For this attack to be successful, the victims must enable 'install unknown apps' on their devices, which is disabled by default. It's worth noting that five of the seven legitimate versions of these services don't even have an app on Google Play," said Camilo Gutiérrez Amaya, Head of Eset Latin America Research Lab.
After choosing the direct transfer option, victims are presented with a fake FPX payment page. (Eset)
To appear legitimate, the apps prompt users to sign in after opening. The login form accepts any input and always reports it as correct. To keep up the appearance of a genuine online store, the malicious apps then pretend to offer products and services for purchase through an interface that mimics the original stores.
When it’s time to pay, victims are presented with two payment options: they can pay by credit card or bank transfer.
This is the step at which the attackers obtain their victims' banking credentials. After choosing the direct transfer option, victims are shown a fake FPX payment page (FPX is Malaysia's online interbank payment system) and are asked to select one of eight Malaysian banks and then enter their online banking credentials. The banks targeted by this campaign are Maybank, Affin Bank, Public Bank Berhad, CIMB Bank, BSN, RHB, Bank Islam Malaysia and Hong Leong Bank.
After victims submit their banking credentials, they receive an error message stating that the username or password they provided is invalid. By that point, the entered credentials have already been sent to the malware operators.
The fake store apps also forward all SMS messages received by the victim to the attackers, in case one of them contains the two-factor authentication (2FA) code sent by the bank. With the stolen credentials and the intercepted code, the operators behind the campaign can log in to their victims' bank accounts.
According to the research team, so far this malware campaign has only targeted Malaysia: both the online stores it impersonates and the banks whose customer credentials it steals are from that country, and the prices shown in the apps are in Malaysian ringgit, the local currency.
To protect yourself against such threats, you should:
1. Only visit legitimate websites. Do not reach them through links received in messages or seen on social networks, as you may be redirected to a fraudulent page.
2. Be careful when clicking on ads, and do not follow paid search results, as they may not take you to the official website.
3. Pay attention to where the applications you download come from. When a site offers its app, make sure the link really takes you to the Google Play store and not to a direct download.
4. Enable two-step verification wherever possible, on email, social networks and other accounts. Rather than SMS as the second factor, prefer codes from an authenticator app such as Google Authenticator, or a physical security key: as this campaign shows, malware on the phone can read and forward SMS codes, but it cannot extract a code from a hardware key.
5. Keep your software up to date.
6. Use a reputable security solution on your device.