Android Devices Targeted in Global Campaign to Steal SMS for OTPs
Android users face a global threat from malware that steals SMS messages and one-time passwords. Zimperium has tracked the campaign since 2022; it has affected 113 countries, mainly Russia and India, with no reports in Singapore. The malware spreads via malicious ads and Telegram bots; CSA advises downloading apps only from the Google Play Store and keeping devices updated.
The Cyber Security Agency of Singapore (CSA) issued a warning on August 6 regarding this mobile malware designed to extract one-time passwords (OTPs), crucial for securing sensitive data and applications.
These stolen codes, typically used for account registrations and two-factor authentication, can then be exploited to breach corporate networks and data. The alert was initially raised on July 31 by Zimperium, a mobile security company monitoring the campaign since 2022. Victims from 113 countries have been identified, with Russia and India as the main targets.
Despite the global reach of the campaign, the CSA confirmed no local reports have been received thus far. The SMS-stealing malware is disseminated through malicious ads or Telegram bots capable of engaging with victims automatically.
In one approach, victims are lured into clicking a link redirecting them to a fake Google Play webpage. The malware, posing as a legitimate app, entices victims with inflated download numbers. Alternatively, Telegram bots offer a supposedly paid app in exchange for users' phone numbers.
The malicious software, disguised as an Android application package (APK), is then created to monitor the victim and potentially launch future cyber attacks against them. Once installed, the SMS-stealing malware requests access to the victim's SMS messages.
Zimperium researchers have identified over 107,000 unique malware apps associated with the campaign and a network of approximately 2,600 Telegram bots distributing some of these apps.
To safeguard Android devices from such threats, CSA recommends the following precautions:
- Only download apps from the official Google Play Store, verifying the developer information and sticking to apps from official developers.
- Avoid disabling the Play Protect feature that scans apps from the Google Play Store for safety before installation.
- Review the security permissions and privacy policy of apps before downloading, especially those requesting unnecessary access like SMS functions or contact lists.
- Promptly remove any unfamiliar apps that suddenly appear on devices.
- Conduct antivirus scans regularly and back up essential data.
- Keep devices' operating systems and apps up to date to benefit from the latest security patches.
Source: STRAITSTIMES