  • Android : FakeSpy, an Android mobile malware

    Posted by Alex5723

      • #2277612
        AskWoody Plus

        FakeSpy is an information stealer used to steal SMS messages, send SMS messages, steal financial data, read account information and contact lists, steal application data, and do much more.
        FakeSpy first targeted South Korean and Japanese speakers. However, it has begun to target users all around the world, especially users in countries like China, Taiwan, France, Switzerland, Germany, United Kingdom, United States, and others.
        FakeSpy masquerades as legitimate postal service apps and transportation services in order to gain the users’ trust. Once installed, the application requests permissions so that it may control SMS messages and steal sensitive data on the device, as well as proliferate to other devices in the target device’s contact list.

      • #2277655
        AskWoody Plus

        Once installed, the application requests permissions so that it may control SMS messages and steal sensitive data on the device

        So, one has to assist the crooks to infect one’s device?

        This reminds me of something a woman-on-the-street said when, during the preliminaries of OJ Simpson’s trial, she was told in an impromptu interview on TV that the court was looking for jurors that had neither heard nor read about the trial (as, and as far as possible, is the norm in the USA).

        Her comment: “They are looking for stupid people!”

        Maybe this “request” bit could be clarified a bit further?

        Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)

        • #2277691
          AskWoody Plus

          Malware usually doesn’t rely on targeting sophisticated users, but on simple users that click OK and give access to applications automatically.

          Once the user clicks on the malicious link from the SMS message, the app asks them to approve installation from unknown resources. This configuration can be toggled on by going to ‘Settings’ -> ‘Security’ -> ‘Unknown Resources’. PackageInstaller shows the app’s permission access and asks for the user’s approval, which then installs the application.

          This analysis dissects FakeSpy’s Chunghwa Post app version, which emerged in April 2020.

          During the installation, the malware asks for the following permissions:

          READ_PHONE_STATE – Allows read-only access to the phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
          READ_SMS – Allows the application to read text messages.
          RECEIVE_SMS – Allows the application to receive SMS messages.
          WRITE_SMS – Allows the application to write to SMS messages stored on the device or SIM card, including deleting messages.
          SEND_SMS – Allows the application to send SMS messages.
          INTERNET – Allows the application to open network sockets.
          WRITE_EXTERNAL_STORAGE – Allows the application to write to external storage.
          READ_EXTERNAL_STORAGE – Allows the application to read from external storage.
          RECEIVE_BOOT_COMPLETED – Allows the application to receive a broadcast after the system finishes booting.
          GET_TASKS – Allows the application to get information about current or recently run tasks. (deprecated in API level 21)
          SYSTEM_ALERT_WINDOW – Allows the application to create windows shown on top of all other apps.
          WAKE_LOCK – Allows the application to use PowerManager WakeLocks to keep the processor from sleeping or the screen from dimming.
          ACCESS_NETWORK_STATE – Allows the application to access information about networks.
          REQUEST_IGNORE_BATTERY_OPTIMIZATIONS – Whitelists the application to allow it to ignore battery optimizations.
          READ_CONTACTS – Allows the application to read the user’s contacts data.

          • This reply was modified 6 months, 2 weeks ago by Alex5723.
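
An added example, not part of the thread or of the quoted analysis: a small triage script that reads the permissions from a decoded AndroidManifest.xml and reports whether an app asks for the SMS, contacts and boot-persistence combination listed in the post above. The permission grouping, the flagging rule, the package names and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted APKs, prefer defusedxml
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Permission names come from the list in the post; the grouping and the
# flagging rule below are assumptions of this example, not FakeSpy signatures.
GROUPS = {
    "sms_control": {"READ_SMS", "RECEIVE_SMS", "WRITE_SMS", "SEND_SMS"},
    "contacts_and_identity": {"READ_CONTACTS", "READ_PHONE_STATE"},
    "persistence": {"RECEIVE_BOOT_COMPLETED", "WAKE_LOCK", "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"},
    "overlay": {"SYSTEM_ALERT_WINDOW"},
}
# Read and send SMS, reach the contact list, and restart after reboot.
RISKY_COMBO = {"READ_SMS", "SEND_SMS", "READ_CONTACTS", "RECEIVE_BOOT_COMPLETED"}

def requested_permissions(manifest_xml):
    """Return short names of android.permission.* entries in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name.startswith(PREFIX):
                names.add(name[len(PREFIX):])
    return names

def review(manifest_xml):
    """Report which groups are requested and whether the risky combination is."""
    perms = requested_permissions(manifest_xml)
    hits = {g: sorted(perms & m) for g, m in GROUPS.items() if perms & m}
    return {"flagged": RISKY_COMBO <= perms, "hits": hits}

def build_manifest(package, perms):
    """Build a constructed, minimal decoded manifest for the demo."""
    lines = "".join(f'<uses-permission android:name="{PREFIX}{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{lines}</manifest>')

# Constructed samples: one requests the post's full list, one a small subset.
SUSPECT = build_manifest("example.constructed.postal", [
    "READ_PHONE_STATE", "READ_SMS", "RECEIVE_SMS", "WRITE_SMS", "SEND_SMS",
    "INTERNET", "WRITE_EXTERNAL_STORAGE", "READ_EXTERNAL_STORAGE",
    "RECEIVE_BOOT_COMPLETED", "GET_TASKS", "SYSTEM_ALERT_WINDOW", "WAKE_LOCK",
    "ACCESS_NETWORK_STATE", "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS", "READ_CONTACTS"])
BENIGN = build_manifest("example.constructed.tracker", ["INTERNET", "ACCESS_NETWORK_STATE", "WAKE_LOCK"])

if __name__ == "__main__":
    for label, xml in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, review(xml))
```

The rule flags only the combination, since each permission on its own is also requested by ordinary messaging or utility apps.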