Check Point says a phishing scam in China can spread malware through text messages and they may be doing this by deploying fake base station (and yeah you can practically do this if you have the right tools). The messages according to a Check Point blog post says these scammers send text messages that supposedly come from China Telecom or China Unicom and when opened by an unsuspecting user can send a malware called “Swearing Trojan” to their device.
It’s quite a serious in that Swearing Trojan can steal personal data and it can bypass 2-factory authentication (2FA) security and it does this by;
Droppers download malicious payloads once a user installs an infected app on a device.
Attackers operate fake base transceiver stations (BTSs) that send phishing SMS messages masquerading as ones coming from Chinese telecom service providers China Mobile and China Unicom.
Once in a system, the trojan takes control of a device’s Android SMS application and the fact that it can bypass two factor authentication (2FA) means it can actually steal sensitive info from your device. Many application now depend on 2FA for security on the user’s end including bank applications.
It all begins though by an unsuspecting getting a message and upon opening it, you see a link as though it were from your provider and once clicked upon, it takes over your messaging app and can actually start sending messages on your behalf to your contacts. The messages range from work related stuff to nude celebrity photos and then it can report back to the attackers through your device of course on activities on your device.
The report adds though that the attackers are in custody following a police raid, Check Point researchers detected additional activity made by the malware. So it’s possible that the attackers in custody were only part of a larger operation to spread the malware.
Like I always advise, users have a duty to also protect themselves by first not clicking on links you have double thoughts about. In my experience, nearly 70 percent of these threats rely on users clicking a URL which then initiates the entire malware infection process.
Paul Balo is the founder of TechBooky and a highly skilled wireless communications professional with a strong background in cloud computing, offering extensive experience in designing, implementing, and managing wireless communication systems.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
