Android malware named FakeSpy ‘re-emerges’ more dangerous than ever after three years

An Android malware called FakeSpy has re-emerged and is currently targeting users in the U.S. and Western Europe, BGR reported. The app can steal users’ text messages, bank information, and app data. The malware spreads through a text message that appears to be from a local post office and instructs users to download an app masquerading as a legitimate post office app.

A dangerous Android malware called FakeSpy has re-emerged, according to a new report from Cybereason. FakeSpy, first discovered by security researchers nearly three years ago, is a particularly bad malware designed to steal users’ text messages, financial data, bank login information, app data, contact lists, and more.

In its original incarnation, the app targeted users in Korea and Japan. Lately, however, the app has become more ambitious and is now targeting users around the world. Currently, the malware targets countries including China, France, Germany, the United Kingdom and the United States. The current FakeSpy iteration is also reported to be more powerful and complex than the original version, which means Android users should be particularly wary of suspicious messages.

FakeSpy’s spread is clever, starting with a text message claiming to come from a local post office. The message claims that the post office tried to deliver a package but could not because the user was not at home. It then provides a link that directs users to download an app masquerading as a legitimate postal service app. Once installed on the device, the app sends fake text messages and malicious links to the user’s entire contact list.

Cybereason added:

Fake apps are built using WebView, a popular extension of Android’s View class that allows developers to display a web page. FakeSpy uses this view to continue spoofing by redirecting users to the original post office operator’s web page when launching the app. This makes the application look legitimate, especially given the icons and user interfaces of these applications.

Once an unsuspecting user downloads a fake app, the malware basically has full access to the user’s device, where it can read text messages, send text messages, access contact information, and read from external storage. In addition, the app specifically looks for any banking or cryptocurrency-related application, seeking to steal login information.

As for the source of the malware, the researchers say all the signs point to an organization called Roaming Mantis.

Cybereason concludes:

The malware’s authors seem to have worked hard to improve the malware, bundling many new upgrades to make them more complex, easily circumventible, and well-equipped. These improvements make FakeSpy one of the most powerful information thieves on the market. We expect this malware to continue to evolve and add more new features; the only question now is when we’ll see the next wave.