Posted on July 21, 2023 at 5:18 PM

Hackers Trick Android Users Into Installing Malware To Conduct Phishing Attacks

The Android operating system has been vulnerable to a wide range of hacking campaigns. Android devices have often been seen as less safe than iOS devices, with the threat posed by these devices being attributed to the prevalence of malware. The main entry point of hackers targeting Android users has been the Google Play Store app marketplace.

Hackers dupe Android users into installing malware

A report from the Computer Security Incident Response Team for the Polish Financial Supervision Authority has highlighted the main threat posed by these hackers. It appears as it hackers have been exploiting the Android WebAPK to dupe users into installing malware on their devices without them knowing it.

The report summarized how these hacking campaigns were happening and how they have become increasingly popular among Android users. The use of WebAPKs to conduct these hacking campaigns has raised the alarm as it is one of the main components of the apps deemed to be progressive.

WebAPKs offer a kind of link between the apps that have been created for use on mobile phones and the ones that can be used on desktop and laptop devices. These applications are becoming increasingly popular because of their ability to target both mobile and web-based users.

However, while WebAPK applications are becoming increasingly popular, they are being attributed to an increase in malware on Android devices. The main issue that is posed by these applications is that the ones created for use on web devices do not have the same restrictions as the ones that have been downloaded from the Google Play Store.

Malicious threat actors can target such applications by configuring their packages so that they can be delivered to the target devices. Moreover, the hackers behind such hacking campaigns can easily bypass any security measures that have been put in place to prevent the use of malicious apps.

Hackers using flaws to conduct phishing campaigns

The hackers exploiting the flaws with WebAPK applications have been conducting phishing campaigns. Phishing campaigns are a type of malicious attack that is used by hackers to trick users into clicking links or sharing their personal information. In such campaigns, a hacker impersonates a reputable organization.

In Poland, malicious threat actors managed to impersonate a bank known as PKO Bank Polski. The hackers later sent text messages to customers at the bank. These messages were configured to appear official and trick users into believing that they were sent by the bank. The messages urged users to update their information.

The text messages contained a link that customers were required to follow to update this information. However, the customers that followed this link ended up having their sensitive information fall into the hands of hackers. This information could later be used to conduct other attacks, such as brute-force attacks, or be sold on the dark web.

The link in question installed malicious apps on user devices. However, the process of installing these malicious apps did not trigger any warnings about a possible malicious installation. It also failed to alert the user that the app originated from an unknown source and could contain malware.

After a user installed this application, they were presented with an interface that appeared similar to a mobile banking login panel. The subsequent screens also asked the user to provide their login details, password, 2FA code, and an SMS code that would be used to authorize transactions. Such details provide a hacker with control over a bank account.

Android users can take several precautions to ensure that they do not fall victim to such vulnerabilities in the future. One should be aware that even in cases where a message appears to originate from an official source, there is a likelihood that a hacker might be behind the message. It is also recommended that users be cautious before clicking any links that have been attached to messages.

Web apps usually come with a wide range of advantages and disadvantages. Moreover, these applications also come with security risks that might be hard to deny. The use of banking trojans to target customers could also result in massive financial losses if customers fail to take measures to ensure that they do not fall for the tricks of these hackers.

“One of the challenges in countering such attacks is the fact that WebAPK applications generate different package names and checksums on each device. They are dynamically built by the Chrome engine, which makes the use of this data as Indicators of Compromise (IoC),” the researchers said.