Japanese cybersecurity intelligence recently identified the latest advanced mutant of the FakeCop info stealer impersonating a legit privacy service provider Android app by NTT Docomo known as ‘Anshin Security.’
In the wake of the attack other antivirus service companies are on red alert as spyware acquires a wide range of users’ data by promising protection against the spyware. The fake app offers an anti-virus tool against the spyware but it instead installs malware on the user’s device.
According to the cybersecurity firm Cyble, spyware sends a malicious APK in phishing links via email or SMS imitating the Japanese company KDDI. Alongside, the malware has also been identified as being recorded on 22 out of 62 AV engines on VirusTotal, which hints at the fact that the malware has been developed to stay hidden across many parameters.
Hackers collect confidential information of users such as contacts, accounts information, SMS, and apps list. It does not end here, hackers also alter or delete SMSs in the device database, device hardware information (IMEI), and send SMS without the user’s knowledge.
Further, for users' safety, the organization will look into other antivirus software and flag them as malicious. Users are suggested to remove the current app and use the latest versions of Google Play Protect, activate them. Lastly, users are also recommended to avoid clicking on unidentified links.
Security experts say that supposedly, FakeCop has similar origins as Flubot and Medusa as similar to these two malware, it also employs free dynamic DNS 'duckdns.org' to deliver.
