Kaspersky Finds Tria Stealer Campaign Under Marriage Invitation, Will Operate In Indonesia

Examples of Tria Stealer campaigns (photo: Kaspersky)

JAKARTA - Kaspersky's Global Research and Analysis Team (Global Research and Analysis Team/GReAT) detected a new malicious campaign targeting Android users in Brunei and Malaysia.

This campaign uses fake wedding invitations to lure victims to install malicious applications labeled by Kaspersky as Tria Stealer.

After the application is installed, the malware asks for permission to allow it to access data, such as reading and receiving text messages, monitoring the status of mobile phones, log calls, and network activities, as well as taking actions such as displaying system-level warnings, running in the background, and starting automatically after the device is rebooted.

The application imitates the system regulation application with a gear icon (gear icon) to trick victims into thinking that the demand and application itself is valid.

By eavesdropping on SMS messages, attackers also have the opportunity to gain access to accounts on various applications or services (for example, online banking) by requesting an OTP entry code from this service and reading it in a tapped SMS message.

Users are also asked to enter their phone number, which was sent to the attacker along with the brand and device model. All the stolen data is transferred to the attacker via the Telegram bot.

Kaspersky predicts that this campaign will most likely be operated in Indonesia. So, everyone needs to be aware of fraud like this.

"Our investigation shows that this thief is likely operated by Indonesian-speaking threat actors, because we found artifacts written in Indonesian," concluded Fareed Radzi, Security Researcher at Kaspersky GReAT.