Cybercriminals attack India, Pakistan, Morocco and Algeria via malware-infected app

More than 100,000 users in India have already been affected by malware that redirects personal data to an external server, along with more than 9K users in Pakistan, 3K in Algeria and 1K in Morocco.

Evina’s team of malware analysts has identified an app containing particularly harmful malware. The app is, at the time of writing, ranked #1 among the top new messaging apps in the Google Play Store in India. 

The app Symoo masquerades as a legitimate messaging app to impersonate users and create fake social media accounts.

The Symoo app in the Google Play Store

Here is how the app operates:  

1. A user installs the app and is immediately asked to enter their phone number

The first page displayed by the malware that asks for the user’s phone number

2. When the app is launched, the user sees a loading screen, yet in the background, the app has launched a malicious program that steals the user’s phone number, intercepts all SMS messages and sends them to an external server. 

The misleading download page

3. A marketplace collects information from this server, retrieves the stolen phone number and reads the SMS messages linked to this number to obtain the one-time code that activates the fake account.

The social media platforms on which the cybercriminal has created fake accounts with the user’s phone number

4. In this way the marketplace creates millions of fake accounts on popular social networks like Facebook, Twitter, Telegram or Google. 

5. Individuals who buy accounts from this marketplace can remain anonymous online and potentially perpetrate criminal actions.
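A defender-side triage check for the behaviour in steps 2 and 3, added here as an example and not taken from Evina's analysis. It assumes the app reads SMS through the standard Android SMS permissions (the article does not say which mechanism Symoo uses) and flags that capability together with network access in a decoded AndroidManifest.xml; the sample manifest, package name and receiver name are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
SMS_READ_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
NETWORK_PERM = "android.permission.INTERNET"
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample manifest (not taken from the Symoo app).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.chat">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".SmsListener" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
""".strip()


def audit_manifest(xml_text):
    """Report whether a manifest can both read incoming SMS and reach the network."""
    root = ET.fromstring(xml_text)
    perms = {p.get(NAME) for p in root.iter("uses-permission")}
    # Receivers registered for the incoming-SMS broadcast.
    receivers = [
        r.get(NAME)
        for r in root.iter("receiver")
        if any(a.get(NAME) == SMS_ACTION for a in r.iter("action"))
    ]
    sms_perms = sorted(perms & SMS_READ_PERMS)
    return {
        "package": root.get("package"),
        "sms_permissions": sms_perms,
        "sms_receivers": receivers,
        "can_upload": NETWORK_PERM in perms,
        # Triage flag only: legitimate SMS apps request the same set.
        "review": bool(sms_perms) and NETWORK_PERM in perms,
    }


if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

A positive `review` flag is a reason to inspect what the app does with received messages, not a verdict, since genuine messaging apps declare the same permissions.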

Maxime Ingrao, malware analyst at Evina, says: “The attack mode of this malware goes to show how fragile the two-step validation payment process is. All these steps took place without the user’s knowledge and bypassed thousands of users.”

The marketplace offers the possibility to buy accounts from more than 150 social media platforms.

Individuals can choose to buy an account based on the origin of the phone number on the marketplace. The countries listed are all countries where the malware has stolen from users.

In India, more than 100,000 users have downloaded this app and have been affected by this malware.  

Cybercriminals have found several monetization channels to earn money by developing malware. This app is just one of many examples.  

David Lotfi, CEO and founder of Evina, explains: “Advanced malware are increasingly infesting app stores around the world. These malware are more and more sophisticated and difficult to detect for app store owners. Only a company like Evina has the R&D, expertise and experience to identify them quickly. We’re very proud to be at the top of malware detection worldwide.”

Evina is fighting relentlessly against this type of threat which also targets mobile payments – see how cybercriminals steal from users in this video.
