A recent analysis has brought to light a growing threat in the form of a fake e-shop campaign, which is targeting banking security in multiple regions. Initially concentrated on Malaysian banks, this phishing campaign has expanded to include financial institutions in Vietnam and Myanmar, raising concerns among cybersecurity experts.

What makes this e-shop phishing campaign unique is its utilization of Android malware with screen-sharing capabilities, indicating a high level of sophistication and expertise on the part of the cybercriminals behind it. By integrating advanced technology and social engineering tactics, the threat actors are aiming to exploit vulnerabilities in financial institutions for their illicit gains.

According to reports from Cyble Research and Intelligence Labs (CRIL), this phishing campaign originated in 2021 with a focus on Malaysian banks. Victims were enticed through fake cleaning service pages on social media platforms, leading them to phishing sites where they were prompted to download malicious APK files.

As the campaign evolved, it began targeting a wider range of Malaysian banks, including Hong Leong Bank, CIMB Bank, and Maybank. In September 2022, the operation expanded to Vietnam, followed by Myanmar in November of the same year. The modus operandi remained consistent: lure victims through phishing sites posing as legitimate payment applications and trick them into downloading harmful files.

The latest updates to the fake e-shop campaign have revealed over ten identified phishing sites masquerading as online shopping platforms. These sites offer downloadable Android applications that, upon installation, release sophisticated malware equipped with features like screen sharing via the Janus WebRTC plugin and exploitation of accessibility services, complicating detection and mitigation efforts.

Cybersecurity experts recommend several mitigation practices against such e-shop phishing campaigns. These include checking URLs for errors, confirming that a site uses SSL encryption, and checking that it has a professional design and genuine contact information. Additionally, users are advised to exercise caution when downloading apps, install reputable antivirus software, scrutinize the permissions granted to applications, stay vigilant against suspicious links, and regularly update devices and software to enhance security defenses.
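For analysts who want to apply the "scrutinize permissions" advice to a suspicious APK, the following added example (not code from the article or from CRIL) triages a decoded AndroidManifest.xml for the feature pairing described above: an accessibility service together with screen capture or other watched permissions. The watch-list, the `triage_manifest` function and the sample manifest are assumptions constructed for this illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Watch-list chosen for this example (an assumption, not taken from the CRIL report).
WATCHED = {P + "READ_SMS", P + "RECEIVE_SMS", P + "SYSTEM_ALERT_WINDOW",
           P + "FOREGROUND_SERVICE_MEDIA_PROJECTION"}

# Constructed sample: a manifest in decoded text form (for example, apktool output).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.shop">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION"/>
  <application>
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".CastService" android:foregroundServiceType="mediaProjection"/>
  </application>
</manifest>"""


def triage_manifest(xml_text):
    # Returns a summary dict; "needs_review" marks the accessibility + capture/watch-list pairing.
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    accessibility, projection = [], []
    for svc in root.iter("service"):
        name = svc.get(ANDROID + "name")
        actions = {a.get(ANDROID + "name") for a in svc.iter("action")}
        if (svc.get(ANDROID + "permission") == P + "BIND_ACCESSIBILITY_SERVICE"
                or "android.accessibilityservice.AccessibilityService" in actions):
            accessibility.append(name)
        if "mediaProjection" in (svc.get(ANDROID + "foregroundServiceType") or "").split("|"):
            projection.append(name)
    watched = sorted(requested & WATCHED)
    return {
        "package": root.get("package"),
        "watched_permissions": watched,
        "accessibility_services": accessibility,
        "screen_capture_services": projection,
        "needs_review": bool(accessibility) and bool(projection or watched),
    }


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

A `needs_review` result is a prompt for manual analysis, not a verdict: legitimate assistive and screen-casting apps declare the same components.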

The growing threat posed by the fake e-shop campaign underscores the evolving tactics of cybercriminals and the risks they pose to personal and organizational security. By targeting financial institutions across various regions and employing advanced strategies, threat actors are creating significant challenges for cybersecurity professionals and individuals alike.

Please note that the information in this report is based on internal and external research, and users are advised to use it for reference purposes only. The Cyber Express assumes no liability for the accuracy or consequences of relying on this information.

Fabio
