More than 100,000 users in India have already been affected by malware that redirects personal data to an external server, along with more than 9K users in Pakistan, 3K in Algeria and 1K in Morocco.
Evina’s team of malware analysts has identified an app containing particularly harmful malware. The app is, at the time of writing, ranked #1 among the top new messaging apps in the Google Play Store in India.
The app Symoo masquerades as a legitimate messaging app to impersonate users and create fake social media accounts.
Here is how the app operates:
1. A user installs the app and is immediately asked to enter their phone number.
2. When the app is launched, the user sees a loading screen, yet in the background, the app has launched a malicious program that steals the user’s phone number, intercepts all SMS messages and sends them to an external server.
3. A marketplace collects information from this server, retrieves the stolen phone number and reads the SMS messages linked to this number to obtain the one-time code that activates the fake account.
4. In this way the marketplace creates millions of fake accounts on popular social networks like Facebook, Twitter, Telegram or Google.
5. Individuals who buy accounts from this marketplace can remain anonymous online and potentially perpetrate criminal actions.
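A defender-side triage of the behaviour in steps 1 and 2, as an added example that is not Evina's detection method or code from the original article: it scans a decoded (text) AndroidManifest.xml for the permissions and receivers an app needs to read incoming SMS and the phone number and to reach a remote server. The article does not list Symoo's permissions; the sample manifest and the finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"   # android: attribute namespace
P = "android.permission."
T = "android.provider.Telephony."
SMS_READ = {P + "RECEIVE_SMS", P + "READ_SMS"}
NUMBER_READ = {P + "READ_PHONE_STATE", P + "READ_PHONE_NUMBERS"}

# Constructed sample manifest, not taken from any real app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.chat">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application>
    <receiver android:name=".Rx" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage(manifest_xml):
    """Return review findings for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    reads_sms = bool(perms & SMS_READ)
    findings = []
    if reads_sms and P + "INTERNET" in perms:
        findings.append("sms-read+internet")        # can read SMS and upload it
    if reads_sms and perms & NUMBER_READ:
        findings.append("phone-number+sms")         # can pair number with codes
    actions = set()
    for rx in root.iter("receiver"):
        rx_actions = {a.get(A + "name") for a in rx.iter("action")}
        actions |= rx_actions
        if T + "SMS_RECEIVED" in rx_actions:
            findings.append("sms-received-receiver:" + rx.get(A + "name", "?"))
    # A default SMS app must handle SMS_DELIVER; a "messaging" app that reads
    # SMS without it is only observing messages, not managing them.
    if reads_sms and T + "SMS_DELIVER" not in actions:
        findings.append("no-sms-deliver-receiver")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A match is a reason for manual review, not a verdict: legitimate SMS apps hold the same permissions, which is why the missing SMS_DELIVER receiver is reported as a separate finding.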
Maxime Ingrao, malware analyst at Evina, says: “The attack mode of this malware goes to show how fragile the two-step validation payment process is. All these steps took place without the user’s knowledge and bypassed thousands of users.”
In India, more than 100,000 users have downloaded this app and have been affected by this malware.
Cybercriminals have found several monetization channels to earn money by developing malware. This app is just one of many examples.
David Lotfi, CEO and founder of Evina, explains: “Advanced malware are increasingly infesting app stores around the world. These malware are more and more sophisticated and difficult to detect for app store owners. Only a company like Evina has the R&D, expertise and experience to identify them quickly. We’re very proud to be at the top of malware detection worldwide.”
Evina is fighting relentlessly against this type of threat which also targets mobile payments – see how cybercriminals steal from users in this video.