With online shopping on the rise over the past few years, a trend accelerated by the ongoing pandemic, cybercriminals have seized the opportunity to profit. Cybersecurity experts found an ongoing campaign in which threat actors lure online shoppers into downloading malware-infected applications to steal banking credentials.
The new campaign, first found in the latter part of 2021, has victimised several customers of eight Malaysian banks. The threat actors impersonate brand websites and urge victims to install malware-laden applications on their Android devices.
Security analysts found seven websites that spoofed Malaysian services to abuse the popularity of online shopping in the country amid the pandemic.
The services impersonated in the campaign were six cleaning service firms and a pet convenience store: Grabmaid, Maid4u, Maria’s Cleaning, Maideasy, YourMaid, MaidACall, and PetsMore. The spoofed websites do not let customers shop directly. Instead, customers are instructed to install an application via Google Play Store, unaware that the app contains malware.
Once the app is installed, the hackers obtain the victims’ banking data by offering goods or services as part of the customers’ online shopping experience and asking them to enter their payment credentials to proceed with the checkout. Victims are then shown a fake FPX payment page where they must choose their bank from a list of the eight Malaysian banks.
The targeted banks in the campaign include Maybank, Public Bank Berhad, CIMB Bank, Affin Bank, Bank Islam Malaysia, BSN, RHB, and Hong Leong Bank. Once the victims have submitted their banking details, an error message pops up and their information is sent to the threat actors’ servers.
The malware utilised in the campaign is designed to request only one permission from the user, reading received text messages, in order to phish the victims’ banking details and forward MFA codes to the operators. Analysts confirmed that Malaysia is so far the only country targeted in the campaign, in terms of both the shops it copies and the banks the customers are registered with. However, experts warn that the campaign might expand soon to other countries.
Experts strongly advise online shopping enthusiasts to verify that the website they are visiting is secure, for example by checking that the link starts with HTTPS://. It is also important to avoid clicking on ads found at the top of a search engine results page. Furthermore, customers must be wary of the applications being downloaded on their phones, especially if they come from a suspicious website.