Many cybercriminals use human feelings, including fear, as leverage for their activities.
The campaign identified by the European IT security company D3Labs also falls into this context. The company reported on its blog that some cybercriminals have exploited the IT-Alert service for their purposes. IT-Alert is a platform for alerting the population in case of natural disaster.
Leveraging the population’s concern about the recent seismic and volcanic activities of the Phlegraean Fields, cybercriminals cloned the app’s official website.
According to D3Labs, the fictitious site presented this text to encourage users to download the app: “Due to the possible eruption of a volcano, a national earthquake could occur. Download the app to keep an eye on whether the region could be affected”.
The fake site was aimed only at Android users, redirecting visitors to the actual IT-Alert website if it was accessed via a desktop browser or an iOS device.
The IT-Alert app is actually the fearsome spyware SpyNote
Once the victim downloaded the APK file (that is to say IT-Alert-apk) and installed it, this activated the well-known malware SpyNote, sold as MaaS on Telegram.
By requiring the user to allow the app to run in the background, cybercriminals are able to gain full control of the victim’s smartphone via its accessibility services. This allows them to “Monitor, manage and modify device resources and features along with remote access capabilities”. This technique also makes it more difficult for victims to “Uninstall the application, update already uninstalled apps, or install new ones”.
SpyNote can also access your device’s camera, extract personal information, and send this information along with images and videos from the infected device to its command and control center.
Luckily, it seems that those who rely on Google Play should not run any risks. In fact, a Google spokesperson told BleepingComputer that “There is no app containing SpyNote on Google Play”. APK files coming from unsafe sources, however, remain at high risk of attacks of this type.
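A defender-side check tied to the two points above (control through accessibility services, and APKs from outside Google Play), as an added example that is not from D3Labs or the original article: it cross-references the enabled accessibility services with the installer recorded for each third-party package. The package names and sample outputs are constructed, and treating only Google Play as a trusted installer is an assumption of this example.

```python
import re

# Policy assumption for this example: only Google Play counts as a trusted installer.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample of `adb shell pm list packages -3 -i` (third-party packages only).
SAMPLE_PACKAGES = """\
package:com.example.notes  installer=com.android.vending
package:com.example.italert  installer=null
package:com.example.reader  installer=com.google.android.packageinstaller
"""

# Constructed sample of `adb shell settings get secure enabled_accessibility_services`.
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.italert/com.example.italert.CoreService:"
    "com.example.notes/.ReadAloudService"
)

def parse_installers(pm_output):
    """Map package name -> installer (None when the device reports 'null')."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def parse_services(setting_value):
    """Split the colon-separated component list into (package, class) pairs."""
    value = setting_value.strip()
    if value in ("", "null"):
        return []
    return [tuple(c.split("/", 1)) for c in value.split(":") if "/" in c]

def sideloaded_accessibility_services(pm_output, setting_value):
    """Return enabled accessibility services owned by third-party packages
    that were not installed by a trusted installer."""
    installers = parse_installers(pm_output)
    flagged = []
    for package, cls in parse_services(setting_value):
        # Packages absent from the -3 listing are system apps and are skipped.
        if package in installers and installers[package] not in TRUSTED_INSTALLERS:
            flagged.append((package, cls, installers[package]))
    return flagged

if __name__ == "__main__":
    for pkg, cls, src in sideloaded_accessibility_services(SAMPLE_PACKAGES, SAMPLE_SERVICES):
        print(f"review: {pkg}/{cls} (installer: {src})")
```

A flagged entry is a prompt for review, not proof of infection: legitimate apps installed from other stores or by device management will also appear.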