Hackers are spreading info-stealing malware and taking over accounts using fake wedding invitations — how to stay safe
You're cordially invited...to get scammed
Getting an invite to an old friend or a colleague’s wedding is usually a joyous occasion but just like with everything else, hackers are now using wedding invites as a lure to spread info-stealing malware that can steal your data and seriously disrupt your life.
According to a press release from the cybersecurity firm Kaspersky, this new campaign targets users of the best Android phones by tricking them into sideloading a malicious app. While sideloading apps isn’t something I recommend, it’s easy to see how the news that someone is finally getting married could lead to potential victims lowering their guard.
Besides stealing your data, this malicious app and the malware it installs on your phone could wreak havoc on your personal life by causing even more drama than someone interrupting a wedding.
Here’s everything you need to know about this new campaign along with some tips and tricks to keep you and your devices safe from malicious apps spreading malware.
From an invite to device takeover
The fake wedding invites used in this campaign arrive as a message in either personal or group chats on WhatsApp or Telegram. In addition to details on the wedding, the invites contain a link to an APK file that needs to be sideloaded onto a user’s device. Normally a red flag, it might be overlooked by potential victims due to their excitement about the upcoming wedding.
If a recipient goes ahead and installs this malicious app on their phone, the Tria Stealer malware requests access to a number of permissions like the ability to read and receive text messages, monitor phone status, see call logs and network activity. However, it also asks to display system-level alerts, to run in the background and to start automatically once a device is rebooted.
With all of these permissions, the hackers behind this campaign now have almost complete control over an infected Android phone and can do things like intercept notifications to steal messages and emails. Users are also prompted to enter their phone number after installing the app which is then used by the hackers to transfer stolen data off the device via Telegram.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Another thing that makes this malicious app stand out is that it uses a gear icon like your phone’s Settings app to hide in plain sight. This makes it harder to find later on once victims realize something suspicious is afoot.
Now for the worst part though. With access to a victim’s text messages and emails, the Tria Stealer malware can then forward them onto your contacts. Imagine your juiciest texts being sent out to your boss as well as your friends and family to get an idea of just how disruptive this could be. Finally, Tria Stealer can also hijack your WhatsApp account to ask your contacts on the messaging app for money.
Fortunately though, only Android users in Malaysia and Brunei are currently being targeted by this new campaign according to Kaspersky. Still, like with previous campaigns I’ve covered, it could easily be adapted to target Android users in the U.S. and other countries around the world.
How to stay safe from malicious apps
The first and easiest way to stay safe from malicious apps spreading malware is to avoid sideloading apps altogether. It may be convenient but sideloaded apps don’t go through the same security checks that those on the Google Play Store and other official app stores do.
If anyone sends you a message online asking you to sideload an app, it’s best to simply ignore their request. They might be very convincing or say that the app is required to do something like RSVP for a wedding but you need to stand your ground.
To make sure you don’t have any malicious apps on your phone, you want to ensure that Google Play Protect is enabled. This free security app comes pre-loaded on most Android phones and when enabled, it can scan all of your existing apps and any new ones you download for malware. For extra protection though, it might also be worth installing and using one of the best Android antivirus apps alongside Google Play Protect.
Whether it’s a wedding, a job interview or any other important event, hackers are going to find a way to take advantage of them and use their timely nature as a lure in their attacks. This is why it’s up to you to remain vigilant when checking your email and messages to ensure that something suspicious doesn’t slip through.
More from Tom's Guide
Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.