A nasty piece of Android malware that steals users' data, banking information and contact lists, first discovered three years ago in Japan, has resurfaced and is considered to be more powerful and sophisticated than ever before. According to a report by Cybereason, the malware, called FakeSpy, initially affected users in Japan and South Korea when it was first discovered. However, according to researchers, the new version is affecting users all around the world. Notably, it also dupes users by masquerading as a legitimate postal service application.
According to a report, FakeSpy uses smishing, or SMS phishing, to target users. The malware sends fake text messages that claim to be from a local post office and prompt the victims to click on a malicious link. This link directs them to download an app. Once the unsuspecting users download the fake app, the malware gets full access to the device and is able to read text messages and contact information, read from external storage and even send text messages. The app also gets direct access to banking-related apps and can steal login information.
As for the malware's origin, researchers claim that the culprit is the Chinese-speaking group called "Roaming Mantis", which is responsible for operating this app in Asia. "The malware authors seem to be putting a lot of effort into improving this malware, bundling it with numerous new upgrades that make it more sophisticated, evasive, and well-equipped. These improvements render FakeSpy one of the most powerful information stealers on the market. We anticipate this malware to continue to evolve with additional new features; the only question now is when we will see the next wave," Cybereason researchers said.