This mobile scam is quite concerning, because at first glance it appears completely legitimate 😬
A recent campaign has been uncovered where attackers are using real banking and government apps, modifying them with hidden malware, then fooling people into installing them.
These are not malicious apps built from the ground up.
They’re real apps that have been poisoned ☠️
It usually starts with a text or email which looks like it’s from a trusted organisation. Maybe a government department or a power company. It may even escalate to a phone call to offer help.
It usually starts with an urgent payment or other matter that need to be resolved as soon as possible.
You’re then directed to a website that looks very convincing. Sometimes even resembling the official app store where you’re prompted to download an app.
The poisoned app even behaves like the real one.
However, changes have been made behind the scenes.
Once installed, the app requests additional permissions. If approved, the attackers can:
🚫 Steal login credentials
🚫 Commit banking fraud
🚫 Monitor activity
🚫 And sometimes, take full control of the device
The scary thing is the malware can clean up after itself too.
Victims often remain unaware that anything has happened until funds are withdrawn, or their accounts have been accessed.
Currently the campaign is focused on Southeast Asia, though the technique can be effective anywhere.
It’s important to remember that the main rule of protection hasn’t changed: Real banks and government agencies never ask you to install apps through text messages, links or phone calls.
If you receive something unexpectedly that is demanding urgent action, pause, and don’t click. Verify the communication independently.
Because after a malicious app has been installed, the damage is likely already done.
👉 If you get an urgent message from what appears to be a trusted authority that asks you to download an app, would you feel pressured and install it, or would you think twice and verify?
Leave a comment!