Android Malware Pretends To Be WhatsApp, Uber and Google Play

Reader itwbennett writes: Security vendor FireEye said on Tuesday that malware that can spoof the user interfaces of Uber, WhatsApp and Google Play has been spreading through a phishing campaign over SMS. Once downloaded, the malware, which has struck Android users in Denmark, Italy and Germany, will create fake user interfaces on the phone as an 'overlay 's top of real apps. These interfaces ask for credit card information and then send the entered data to the hacker.

Easy fix

[wbr1]

Allow apps from unknown sources should always be off, unless you know what you are doing. Period. That should stop this, and is the default on most mainstream devices. It gets turned off when people want hacked versions of games, etc, then the malware creeps in. That setting should be on a use count timer. Use it once, then have to go set it again (manually, not a simple yes like UAC), for a fresh sideload install.

Make the user think!

FUD! Pay us cash!

[chill]

This is a 24 page report that can be summed up as "An amazing number of people are stupid enough to click links embedded in SMS messages. However, since this sort of attack is blocked by anyone with the default 'do not allow third-party apps' setting in Android, we only saw 38 actual instances of infected devices contacting the C2 systems. Please take the other 23 1/2 pages of the report as proof we are highly technically skilled, but in general spreading FUD so you pay us lots of money to protect against a threat that has an almost insignificant likelihood of affecting you."