
JAKARTA - Global cybersecurity company Kaspersky has just discovered a deployment scheme for the Mamont banking Trojan, in which the malware poses as a freight forwarding or package tracking app.

In this scheme, attackers pretend to sell various products below the usual market price through a number of websites.

To make a purchase, the victim is asked to join a private Telegram chat that contains instructions for ordering. The channel is set up to look as if a bot can answer all customer questions and complaints.

The scheme is more credible because the fraudsters do not ask for a down payment. However, moments after placing the order, the victim receives a message saying that the order has been sent and that its delivery can be tracked using a special application. Links to .apk files and delivery tracking numbers are included.

The message also emphasizes that, to pay for the order after receiving it, the victim must enter the tracking number and wait while the order loads (which can take more than 30 minutes).

The link leads to a malicious site that offers a tracker download for the package that was sent. Instead of a tracking app, however, the file is the Mamont banking malware for Android.

Once installed, the "tracker" asks for permission to operate in the background, as well as to work with push notifications, SMS, and calls. The victim is then required to enter a code, supposedly to track the package, and wait.

After the victim enters the "track code," the Trojan begins intercepting all push notifications, including banking transaction codes, and forwards them to the attacker's server.

The malware can also receive commands to hide the app icon, access SMS messages from the last three days, upload photos from the gallery, and send SMS messages to random numbers.

As a result, criminals can take advantage of stolen photos or data to target further victims, including small business owners who often store important business information on their devices.

