A new and worrying malware campaign is spreading on Android. This, taking advantage of some technical notes from social engineeringpushes unsuspecting victims to dump an alleged antivirus which, in reality, turns out to be an extremely dangerous malevolent agent.
According to what was reported on the website of BleepingComputer, the operation seems to have initially affected almost exclusively high-end smartphones of Finnish users, and then expanded to the rest of the world. The first cases were reported byFinnish Transport and Communications Agency (Traficom), which described in detail how cybercriminals work.
The approach takes place through a SMS which asks the potential victim to contact a telephone number. Once contacted, the user is convinced to download an app McAfee, as the device is considered a victim of malware. Obviously, the antivirus turns out to be a malicious agent itself, affecting apps home banking and other sensitive services present on the infected device.
The fake antivirus is actually a very dangerous APK file
This type of attack is quite insidious. Having to deal with a person through a phone call, in fact, instills a certain sense of security.
The sensation is exploited by cybercriminals who, in this way, manage to claim a huge number of victims and avoid systems such as anti-spam filters, capable of blocking similar malware campaigns. In fact, several cases of victims have been recorded precisely on Finnish territory: specifically, Traficom speaks of a person who lost $100,000 which he kept in the bank. But how can attacks of this type be avoided?
The campaign in question pushes the user to download the fake antivirus like file APK. This, in fact, does not come from Play Store or other official sources. Regardless of the individual case, this behavior is always very dangerous. No antivirus company, nor any bank or similar, would ask its customers to download an APK file.
It is not the first time that McAfee has been involved, against his will, in a cyber attack where his brand is abused.