Menu
This malware pretends to be WhatsApp, Uber and Google Play

This malware pretends to be WhatsApp, Uber and Google Play

The malware has spread through phishing campaigns over SMS

Hackers are stealing credit card information in Europe with malware that can spoof the user interfaces of Uber, WhatsApp and Google Play.

The malware, which has struck Android users in Denmark, Italy and Germany, has been spreading through a phishing campaign over SMS (short message service), security vendor FireEye said on Tuesday.

Once downloaded, the malware will create fake user interfaces on the phone as an “overlay” on top of real apps. These interfaces ask for credit card information and then send the entered data to the hacker.

This family of malware continues to evolve. Since February, FireEye has observed 55 malicious programs in Europe that use the same overlay technique.

Earlier versions targeted banking apps, but now the malware can spoof the interfaces to more popular software, including WhatsApp and Google Play.

Users tend to input credit card information into these products as well as into banking apps, FireEye researcher Wu Zhou said in an email.

"Threat actors usually want to gain the largest financial benefit. So they typically target these apps that have a large user base," he added.

In some cases, the malware has also targeted YouTube, Uber and Chinese messaging app WeChat.

To spread the malware, the hackers have sent off SMS messages with a link and tricked their victims into clicking on it. One SMS message said: “We could not deliver your order. Please check your shipping information here.”

Since February, FireEye has noticed that the malware has been spread through five different campaigns. In one campaign, the hackers managed to generate at least 130,000 clicks to the link where the malware was hosted.

Newer versions of the malware can also be difficult to detect. Only six out of 54 anti-virus tools tested noticed a danger with the malicious coding, according to FireEye.

The malware has been found contacting servers in the United Arab Emirates, Germany, Italy, Latvia and the Netherlands.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags malware

Slideshows

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

Ingram Micro completed its nationwide roadshow in Auckland last month, kicking off its Innovation Hour series with Hewlett Packard Enterprise. Uncovering the latest in storage, networking and servers, the event outlined key market trends for resellers in 2016 and beyond.

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise
IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

FireEye welcomed 143 channel partners and distributors to FireEye's 2016 annual Partner Conference, FireEye A/NZ Momentum - held at Establishment in Sydney. Delegates heard from senior trans-Tasman channel leaders, marketing and the product divisions in the morning, with FireEye customers, incident responders and threat intelligence analysts sharing knowledge during the afternoon.

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference
​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

With New Zealand businesses now open to innovation, the industry sits on the cusp of significant disruption in the data centre. Driven by software-defined networking, the future of the data centre is fast becoming reality, as the channel seeks to keep up, keep innovating and keep growing. APC by Schneider Electric, Lenovo and key partners outlined how the channel can capitalise at The Grill restaurant in Auckland.

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​
Show Comments