Malware That Pretends To Be WhatsApp, Google Play or Uber


In the most recent attacks in Europe, hackers are stealing credit card information with malware that can spoof the user interfaces of Uber, WhatsApp and Google Play. The malware has struck Android users in Denmark, Italy and Germany and has been spread through a phishing campaign over SMS.

Once downloaded, the malware draws fake user interfaces as an overlay on top of real apps and asks for credit card information, which is then sent to the hacker. FireEye, a security vendor, says it has observed 55 malicious programs in Europe since February that use a similar overlay technique. Earlier versions of the malware targeted banking apps; more recent versions can spoof the interfaces of more popular software, including WhatsApp and Google Play.

Wu Zhou, a FireEye researcher, said in an email that users tend to input credit card information into these products as well as into banking apps. He added that threat actors usually want to get large financial benefits, and therefore they target apps that have a large user base. YouTube, Uber and WeChat have also been targeted in some cases.

To spread the malware, hackers send SMS messages containing a link and trick victims into clicking on it. An example of such a text said, “We could not deliver your order. Please check your shipping information here.”

What makes this worse is that the malware is difficult to detect: only six out of 54 anti-virus tools tested were able to notice the threat.
