The hackers hid the malware in applications in the Google Play Store, such as OfficeScanner, Abfix, Currency XE Converter, SnapTune Vid, CoinCast, Horoskope, and Car News. The cybercriminals worked meticulously, as not only did they set up websites and accounts on social media for these apps, but they also responded to users’ feedback and fixed glitches in them.
The hackers used a three-stage process to infect devices.
After Core was downloaded to the device the hackers were given unlimited power, allowing them to extract SMS messages, send SMS messages to certain numbers, steal contact list information and financial credentials, install/uninstall apps, and conduct phishing attacks for shopping and financial applications, including cryptocurrency wallets, Amazon, and Paypal.
After stealing a target’s data, or if the victim didn’t have anything of value, the hackers would launch a command called “seppuku” (a Japanese form of suicide) that initiated a reset to factory settings, which would delete the malware itself.
The researchers at Bitdefender say there were two waves of infection: one between 2016 and 2017 and the other between 2018 and 2020. "We presume that the number of victims is in the count of tens of thousands, but we don’t know how many for sure", said Bogdan Botezatu, director of threat research and reporting at Bitdefender, told The Register.
For some reason, the hackers targeted people from developed countries – Australia, Canada, European Union members, and the United States, but ignored people from low-income countries like the former Soviet republics, countries in Africa, and some Arab-speaking nations. In all, the cybercriminals "spared" users from 90 countries. Bitdefender didn’t say where hackers come from.
The firm noted that the malware is still present and has the potential to expand its radius.
No comments:
Post a Comment