Financial Fraud APK Campaign

During our research discovering threats in legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) file kept hitting our radar.
Our research revealed a family of malicious APKs targeting Chinese users that steals victim information and conducts financial fraud.
To do this, the threat actor masquerades as a law enforcement official and says the target's phone number or bank account is suspected of being involved in financial fraud.
The threat actor then instructs the person to select their bank from the app and fill in their personal information, including payment card details.
Palo Alto Networks customers are better protected from this malicious APK through our Next-Generation Firewall with Cloud-Delivered Security Services, including Advanced WildFire, DNS Security and Advanced URL Filtering.
We found indicators of the malicious APK activity we'll discuss in this post as early as November 2022.
Our analysis of the malicious APK samples reveals victims must have retrieved them from non-official third-party sources, because the APKs do not comply with official Google Play Store submission policies.
The threat actors used this Android application to impersonate law enforcement authorities.
Because the app blocks incoming phone calls and SMS messages, victims are not able to receive alerts about financial fraud from others or from legitimate law enforcement.
First, the threat actor masquerades as an official law enforcement authority and alleges the victim's phone number or bank account is suspected of being involved in financial fraud.
To convince people the app is legitimate, the threat actor provides a legal case number, and they ask the person to search for this case number in the malicious application.
The threat actor will also generate a fake legal case document with the intended victim's name on it.
As depicted in Figure 3, the malicious application requests the legal case number and the person's sensitive personal information.
Once a target fully believes the app is from a genuine law enforcement authority, the threat actor guides the person to download the next-stage payload. The app accomplishes this by sending a download link, under the pretext of investigating bank transactions and the source of deposited funds.
Once the victim has selected a bank, the threat actors instruct them to fill in their sensitive personal information, including payment card details.
Since the application can block incoming phone calls and SMS messages, financial institutions cannot contact the victims through their Android device, which makes it more likely that victims will be trapped in the scam.
Since the domain used by the malicious APK files during their execution is legitimate, definitively identifying isolated connections as malicious becomes challenging.
Attackers take advantage of an information gap and the victim's fear of being embroiled in legal action, coupled with carefully designed social engineering attacks, to reap significant illegal profits.
To defend against the threat, we highly recommend that people do not download third-party applications from untrusted mobile application stores and do not share sensitive information with unknown sources.
Palo Alto Networks has shared our findings with our fellow Cyber Threat Alliance members.
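
The call and SMS blocking described above leaves traces in an app's manifest, which a defender can check before an APK is allowed onto a managed device. The triage check below is an added example, not code from the original report; the page does not list the permissions this family requests, so the permission and component names are standard Android ones chosen as assumptions, and the sample manifest is constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android: attributes
# Standard Android names (assumed; the report does not say what the family requests).
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
CALL_PERMS = {"android.permission.ANSWER_PHONE_CALLS",
              "android.permission.READ_PHONE_STATE", "android.permission.READ_CALL_LOG"}
SMS_ACTIONS = {"android.provider.Telephony.SMS_RECEIVED",
               "android.provider.Telephony.SMS_DELIVER"}
SCREENING = "android.permission.BIND_SCREENING_SERVICE"

def triage(manifest_xml: str) -> dict:
    """Flag manifest entries that let an app intercept SMS and handle incoming calls."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(A + "name") for e in root.iter("uses-permission")}
    sms_receivers = []
    for rcv in root.iter("receiver"):
        for flt in rcv.iter("intent-filter"):
            actions = {a.get(A + "name") for a in flt.iter("action")}
            if actions & SMS_ACTIONS:
                # A high priority asks to see the message before other receivers.
                sms_receivers.append((rcv.get(A + "name"), flt.get(A + "priority", "0")))
    screening = [s.get(A + "name") for s in root.iter("service")
                 if s.get(A + "permission") == SCREENING]
    sms = sorted(requested & SMS_PERMS)
    calls = sorted(requested & CALL_PERMS)
    can_sms = bool(sms and sms_receivers)
    can_calls = bool(screening) or "android.permission.ANSWER_PHONE_CALLS" in calls
    return {"sms_permissions": sms, "call_permissions": calls,
            "sms_receivers": sms_receivers, "call_screening_services": screening,
            "needs_review": can_sms and can_calls}

# Constructed sample manifest (decoded text XML, not taken from any real APK).
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.ANSWER_PHONE_CALLS"/>
  <application>
    <receiver android:name=".SmsGate">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <service android:name=".CallGate" android:permission="android.permission.BIND_SCREENING_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage(SUSPICIOUS))
```

The flag is a triage signal only, since legitimate messaging and dialer apps declare the same components; it matters most for apps obtained outside an official store. The manifest inside an APK is binary and must be decoded to text XML first.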


This Cyber News was published on unit42.paloaltonetworks.com. Publication date: Fri, 12 Jan 2024 12:13:04 +0000

