Check Point says a phishing scam in China is spreading malware through text messages, and the scammers may be doing this by deploying fake base stations (and yes, this is practically doable with the right tools). According to a Check Point blog post, the scammers send text messages that supposedly come from China Telecom or China Unicom, and when an unsuspecting user opens one it can deliver a malware called “Swearing Trojan” to their device.
It’s quite serious, in that Swearing Trojan can steal personal data and bypass two-factor authentication (2FA) security. It does this by:
- Droppers download malicious payloads once a user installs an infected app on a device.
- Attackers operate fake base transceiver stations (BTSs) that send phishing SMS messages masquerading as ones coming from Chinese telecom service providers China Mobile and China Unicom.
Once on a device, the trojan takes control of the Android SMS application, which is how it bypasses SMS-based two-factor authentication (2FA) and can actually steal sensitive info from your device. Many applications, including banking apps, now depend on 2FA for security on the user’s end.
It all begins with an unsuspecting user getting a message. Upon opening it, you see a link that appears to come from your provider; once clicked, the malware takes over your messaging app and can start sending messages on your behalf to your contacts. The lures range from work-related material to nude celebrity photos, and the malware then reports back to the attackers, through your device of course, on activity on your device.
The report adds that although the attackers are in custody following a police raid, Check Point researchers have detected additional activity from the malware. So it’s possible that the attackers in custody were only part of a larger operation spreading the malware.
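Since the whole attack hinges on an app taking over the SMS handler, one defensive check worth having is a quick triage of which packages on a device can read or send SMS. The following is an added example, not code from Check Point or this post: it parses the (constructed) output of `adb shell settings get secure sms_default_application` and the permission lines from `adb shell dumpsys package <pkg>`, and flags an unexpected default SMS app or any other package holding SMS permissions. The package name `com.example.smsdropper` and the expected default app are placeholders chosen for the example.

```python
import re

# Assumption: on a healthy device the default SMS handler is the stock
# messaging app. Adjust to the fleet's known-good handler.
EXPECTED_DEFAULT_SMS_APP = "com.google.android.apps.messaging"

SMS_PERMISSIONS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
}

# Constructed sample of the relevant lines from `adb shell dumpsys package <pkg>`
# for two packages. The second package name is a placeholder, not a real indicator.
SAMPLE_DUMPSYS = {
    "com.google.android.apps.messaging": """
      runtime permissions:
        android.permission.RECEIVE_SMS: granted=true
        android.permission.READ_SMS: granted=true
        android.permission.SEND_SMS: granted=true
    """,
    "com.example.smsdropper": """
      runtime permissions:
        android.permission.RECEIVE_SMS: granted=true
        android.permission.READ_SMS: granted=true
        android.permission.INTERNET: granted=true
    """,
}

# Matches one granted-permission line of dumpsys output.
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=true", re.M)

def granted_sms_permissions(dumpsys_text):
    """Return the SMS-related permissions granted in one package's dumpsys output."""
    return {p for p in PERM_RE.findall(dumpsys_text) if p in SMS_PERMISSIONS}

def triage(default_sms_app, dumpsys_by_pkg, expected_default=EXPECTED_DEFAULT_SMS_APP):
    """Flag (a) an unexpected default SMS handler, which an SMS-hijacking trojan
    needs in order to read and suppress 2FA codes, and (b) any other package
    holding SMS permissions without being the expected handler."""
    findings = []
    if default_sms_app != expected_default:
        findings.append(f"default SMS app changed to {default_sms_app}")
    for pkg, text in dumpsys_by_pkg.items():
        perms = granted_sms_permissions(text)
        if perms and pkg != expected_default:
            findings.append(f"{pkg} holds {sorted(perms)}")
    return findings

if __name__ == "__main__":
    for finding in triage("com.example.smsdropper", SAMPLE_DUMPSYS):
        print("FLAG:", finding)
```

On a real device, feed `triage` the live `settings get` value and a dict of `dumpsys package` output per installed package; an empty result means nothing beyond the expected handler touches SMS.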
Like I always advise, users have a duty to protect themselves too, first by not clicking on links they have second thoughts about. In my experience, nearly 70 percent of these threats rely on users clicking a URL, which then initiates the entire malware infection process.