Hackers are posing as job recruiters to spread a dangerous banking trojan and steal your money — don’t fall for this


Looking for a new job is already a difficult process on its own, but now hackers want to make things even harder for prospective job seekers by infecting their phones with a banking trojan designed to target any financial apps and services they have installed on their device.

As reported by The Hacker News, cybersecurity researchers have discovered a new mobile phishing campaign used to distribute an updated version of the Antidot banking trojan. Codenamed AppLite Banker by the mobile security company Zimperium, which first spotted this new campaign, this malware can steal a victim’s PIN in order to remotely take over their smartphone.

AppLite Banker isn’t done there, though, as the banking trojan specifically targets 172 banking, finance and crypto apps and then uses overlay attacks to harvest a user’s credentials when they go to log into one of these apps.

Here’s everything you need to know about the AppLite Banker trojan along with some tips and tricks to help you stay safe from hackers during your next job search.

Impersonating recruiters and HR reps


In a new blog post, Zimperium’s zLabs team explains that the hackers behind this campaign pose as recruiters or HR representatives (like we saw with a similar Windows-based campaign this summer) to lure in potential victims with job offers. To make matters worse, they pretend to be from well-known organizations including Euskatel, Eminic, Distributel, and Oasis and use carefully crafted emails to avoid raising suspicion.

To get victims to respond to their offers, the hackers also promise them an hourly rate of $25. If a job seeker falls for this initial email, they are led to a malicious landing page where they can supposedly continue the application process or schedule an interview. Instead, this page manipulates them into downloading a customer relationship management (CRM) app for Android. While the app itself appears legitimate at first glance, it’s actually a malware dropper used to deploy the primary payload onto their device.

In order to bypass the best Android antivirus apps, this fake app uses a number of obfuscation techniques like manipulating ZIP file structures and Android Manifest files. These methods can often render antivirus apps and other anti-malware tools ineffective, which allows the malware to take hold of a vulnerable Android phone.
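A defender-side check for the kind of ZIP-structure tampering described above, added here as an example and not taken from Zimperium's report or this article: it compares each archive entry's central-directory record with its local file header and reports disagreements. The article does not say which fields the dropper altered, so the specific checks and the names `zip_anomalies` and `build_sample` are assumptions, and the sample archive is constructed.

```python
import io
import struct
import zipfile

ALLOWED_METHODS = {0, 8}  # stored and deflate, the methods APK entries normally use

def zip_anomalies(data: bytes) -> list[str]:
    """List header inconsistencies between central directory and local headers."""
    eocd = data.rfind(b"PK\x05\x06")
    if eocd < 0:
        return ["no end-of-central-directory record"]
    count, _size, pos = struct.unpack_from("<HII", data, eocd + 10)
    findings = []
    for _ in range(count):
        if data[pos:pos + 4] != b"PK\x01\x02":
            findings.append(f"bad central directory entry at offset {pos}")
            break
        flags, method = struct.unpack_from("<HH", data, pos + 8)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        (lfh,) = struct.unpack_from("<I", data, pos + 42)
        name = data[pos + 46:pos + 46 + name_len]
        label = name.decode("utf-8", "replace")
        pos += 46 + name_len + extra_len + comment_len
        if data[lfh:lfh + 4] != b"PK\x03\x04":
            findings.append(f"{label}: local header missing at offset {lfh}")
            continue
        l_flags, l_method = struct.unpack_from("<HH", data, lfh + 6)
        (l_name_len,) = struct.unpack_from("<H", data, lfh + 26)
        if data[lfh + 30:lfh + 30 + l_name_len] != name:
            findings.append(f"{label}: file name differs between headers")
        if l_method != method:
            findings.append(f"{label}: compression method {l_method} (local) vs {method} (central)")
        if {method, l_method} - ALLOWED_METHODS:
            findings.append(f"{label}: unexpected compression method")
        if (flags | l_flags) & 0x1:
            findings.append(f"{label}: encryption flag set")
    return findings

def build_sample(inconsistent: bool) -> bytes:
    """Constructed two-entry archive standing in for an APK (not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>" * 20)
        zf.writestr("classes.dex", b"placeholder" * 20)
    data = bytearray(buf.getvalue())
    if inconsistent:
        struct.pack_into("<H", data, 8, 0)  # first local header now disagrees with central
    return bytes(data)

if __name__ == "__main__":
    for kind in (False, True):
        print(kind, zip_anomalies(build_sample(kind)))
```

A scanner that trusts only one of the two headers can misread such a file, which is why disagreement between them is worth flagging before any deeper analysis.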

When this malicious app is loaded for the first time, it shows an account creation page. After creating an account and logging in, users are then told they need to install an "update" for the app to function properly. However, as you might have guessed, this update is actually the AppLite banking trojan.

Clicking the “Update” button within the app shows a fake Google Play Store icon to reassure users before the malware is installed on their phone. As with other Android malware strains, AppLite abuses Android’s Accessibility Services permissions to grant itself even more permissions, and the same permissions are also used in the overlay attacks launched by the malware.

Once installed on one of the best Android phones, AppLite can be used by a hacker to run all sorts of commands on the victim’s device, including opening the keyboard, unlocking the device, downloading text messages, uninstalling apps, sending push notifications and more.

How to stay safe from hackers during your next job search


Just like any other day on the internet, when you’re looking for your next job, you need to be extra careful when it comes to who and what you interact with online.

In this case, victims should have done their due diligence about the recruiter and why they contacted them out of the blue in the first place. Were they actively looking for a job? Had they submitted their resume on job sites? If not, an email with an offer like this one would definitely seem too good to be true. However, if their job hunt hadn’t gone as planned and they had been looking for a while, they might be more likely to let their guard down and head to the site included in the initial email.

Still though, if a job requires you to sideload an app in order to apply for a position, that should be a major red flag. A real business would direct you to their app on the Google Play Store or on the App Store; even then, when was the last time you had to download an app to just apply for a job? I could see if a company made you download Zoom or another popular workplace tool, but one of their own internal apps would be very unlikely.

When looking for a new job, you'll want to stick to trusted and well-known recruitment sites like Indeed, Monster, ZipRecruiter and others as well as LinkedIn. From there, be wary when you’re told to download files and especially apps. Most job applications and recruitment are handled via web portals, so there’s nothing you would need to download in the first place.

It's worth noting that Google Play Protect does protect against known versions of AppLite according to my contact at the search giant. Likewise, you should also consider using one of the best identity theft protection services to recover any lost funds or even your identity after a run-in with a campaign like this one.

Hackers love to go after those who are vulnerable, and people actively looking for a new job after getting laid off or fired certainly fit the bill. This is why it’s up to you to practice good security habits and excellent cyber hygiene and who knows, your ability to spot a phishing email or a scam could give you a leg up over other potential candidates.


Anthony Spadafora
Managing Editor Security and Home Office

