DNSC recommends Romanians to avoid installing applications promoted through phishing attacks, and below you have a very detailed explanation of the problems generated by them.
"As part of the trap sms campaign launched by attackers during the Easter period, some users reported to the Directorate that, after accessing the link in the message, they downloaded and installed a malicious application for Android, called 'Voicemail'.
Subsequently, this app required multiple permissions, which, once granted, allowed attackers to spy on the user and extract sensitive data related to their activity on the device.
If you have installed and granted multiple permissions to such an app, we recommend using a security solution to remove it or factory reset your device. Don't forget to back up your essential data (contacts, pictures, videos, etc.) to an external source first, so you don't lose them.
To protect yourself from this type of online threat, the Directorate team recommends that you:
- Avoid accessing links and opening attachments from unknown sources;
- Grant permissions to mobile apps on a timely and as-needed basis;
- Check and periodically manage mobile app permissions;
- Use antivirus solutions and constantly update their signatures (update);
- Enable the option to check the security of installed mobile applications and the option to block those from unknown sources;
- Update the operating system to the latest version compatible with the system in use;
- If you realize that you have fallen victim to this type of attack, avoid at all costs logging into accounts without performing a factory reset of the device or recovering data from a backup created after installing the malicious application!
- If you have logged into certain accounts after granting permissions to such a malicious application, we recommend changing your corresponding passwords and enabling multi-factor authentication (2FA) where possible. If you used card data, contact the bank immediately to report the problem and replace the card, as well as the authentication data dedicated to the internet banking service."
