SRI: warning regarding the Coronavirus and malware attacks


SRI, the Romanian Intelligence Service, has issued an extremely important warning to all Romanian citizens who own a smartphone: hackers are using the Coronavirus pandemic to carry out very complex and frequent malware attacks.

SRI says that it has identified a malware campaign designed to steal people's bank data through mobile phones, and recommends completely ignoring any message or email containing the phrase "Secret details! (COVID-19)". Additional details are below.

"In the context associated with the SARS-CoV-2 pandemic, a malware distribution campaign aimed at stealing bank credentials from users' mobile terminals has been identified.

From a technical point of view, the illegal action is based on the distribution of a text message containing a new version of the Cerberus Android Banker trojan. The message is written in Romanian and invites users to access a link to download information on SARS-CoV-2. The phrase used in the content of the message is "Secret details! (Covid-19)". The link initiates the download of a file called File.apk which infects mobile devices with Android operating systems, versions between 4.0 and 10, with the Trojan. Cerberus Android Banker features prevent both its detection by the Android-specific Play Protect service and the subsequent uninstallation of the application by the user.

The main danger is that the Trojan provides illicit access to data from banking applications. Also, Cerberus Android Banker can extract data about the messaging and email applications installed on the targeted device (for example, Telegram, WhatsApp or Gmail), as well as log keystrokes and exfiltrate the data thus obtained.

It also allows collecting and forwarding SMS and email, making or forwarding calls, collecting the contact list and call history, and monitoring device location.

We recommend checking your bank accounts to detect any unauthorized access. If you suspect that your mobile device is infected, the following measures are indicated: resetting the device by returning to factory settings and changing the credentials for authentication in the device and in applications.

As a preventive measure, to ensure the security of mobile devices, it is recommended to avoid accessing links or attachments from unknown sources."

The Covid-19 pandemic is the perfect opportunity for criminals who want access to the credentials of banking applications installed on smartphones. Share! https://bit.ly/2zjJiH9 #SRI #Awareness

Published by SRI – Romanian Intelligence Service on Friday, April 24, 2020