We don’t like to talk about malware in Android a lot. Most of the time it’s not an issue unless you’re downloading stuff you shouldn’t be downloading. There are times when real malware threats are infecting Android devices. A new phishing campaign in Europe is spreading by presenting nearly identical credentials as legitimate apps and tricking users into providing banking info.
FireEye, a cyber security company, explains how it works:
After landing on the user’s device, the malware launches a process to monitor which app is running in the foreground on the compromised device. When the user launches a benign app into the foreground that the malware is programmed to target (such as a banking app), the malware overlays a phishing view on top of the benign app. The unwary user, assuming that they are using the benign app, will enter the required account credentials, which are then sent to remote C2 servers controlled by threat actors.
The campaign has targeted WhatsApp, Uber, YouTube, Wechat, Google Play, and other popular apps. To avoid the scam, don’t click on any text messages that aren’t from a credible source. That’s the advice you should always be abiding. If there’s anything fishy on your phone, don’t click it.