Fake post-office apps are trying to steal your money — avoid these now


Security researchers have discovered a new strain of malware that masquerades as postal services from multiple countries.

According to information-security firm Cybereason, a new campaign involving FakeSpy -- an Android information-stealer that previously attacked victims in South Korea and Japan -- is now targeting users in the US, UK, Germany, France, China, Taiwan and Switzerland.

First discovered in 2017, FakeSpy is capable of sending malicious text messages, spying on sensitive data like account details and contacts, compromising banking and card details, and pilfering account data. 

FakeSpy relies on a technique called SMS phishing, whereby hackers distribute malicious text messages that purport to be from a legitimate organisation so that the victims are encouraged to click on links. 

But over the past few years, the malware has become more powerful, has developed new features and is now compromising users on a global scale. 

“FakeSpy is very interesting because it has been in the wild since 2017; now its latest campaign indicates that it has become more powerful!” Cybereason writes in its report. “Code improvements, new capabilities, anti-emulation techniques, and new global target audience all suggest that this malware is well maintained by its authors.”

Global targets

In its new campaign, FakeSpy victims receive a message claiming to be from a local postal service. However, the content of the message is fake and includes a malicious link.

The text messages purport to be from legitimate postal services such as the U.S. Postal Service, the Royal Mail (UK), Deutsche Post (Germany), La Poste (France), Japan Post (Tokyo), Yamato Transport (Japan), Chunghwa Post (Taiwan) and Swiss Post (Switzerland).

Once users click on the link in the text message, they’re taken to what looks like a convincing website of a postal provider. Here, they’re asked to install an Android app from this company, but it’s actually the FakeSpy APK.

“Cybereason has observed that each of the fake applications are built using WebView, which allows the developer to show a webpage,” said the researchers.

“In this scenario, the malicious FakeSpy apps redirect users to the original post office carrier web page. Between this, these applications’ icons, and their UIs [user interfaces], they appear legit and can easily lure the user to believe it’s the original application.”

Dangerous results

After the Android app has been downloaded and given various device permissions, its stealing capabilities soon come into effect. 

The malware is capable of stealing contact lists, mobile numbers and device information, and also looks for banking and cryptocurrency apps installed on the infected hardware. 

Assaf Dahan, head of threat research at Cybereason, told Tom’s Guide: “Hackers prey on consumers and individuals because they are the weakest link in the game of chess that goes on constantly between hackers and corporations and hackers and consumers. 

“To minimize risk, users should apply critical thinking and be suspicious of SMS messages containing links. If they do click on a link, they need to check the authenticity of the webpage, look for typos or wrong website name, and most of all, avoid downloading apps from unofficial stores.”

To that, we'd add that you should never download or install an app that is offered through a website. Go to the Google Play Store instead and search for the app there. And as always, one of the best Android antivirus apps will help detect and defeat mobile malware.


Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!
