ESET researchers analyzed three malicious applications targeting customers of eight Malaysian banks
The popularity of online shopping has been growing during the past few years, a trend accelerated by the pandemic. To make this already convenient way of never having to leave the couch to buy new things even more convenient, people are increasingly using their smartphones instead of computers to shop: in Q1 2021, smartphones accounted for 69% of all retail website visits worldwide, and smartphone purchases made up 57% of online shopping orders. A noteworthy aspect of buying goods and services via a mobile device is that 53% of smartphone users do it from vendor-specific applications.
Seeking the opportunity to make a profit off this behavior, cybercriminals exploit it by tricking eager shoppers into downloading malicious applications. In an ongoing campaign targeting the customers of eight Malaysian banks, threat actors are trying to steal banking credentials by using fake websites that pose as legitimate services, sometimes outright copying the original. These websites use domain names similar to those of the services they impersonate, the better to attract unsuspecting victims.
CAMPAIGN OVERVIEW
This campaign was first identified at the end of 2021, with the attackers impersonating the legitimate cleaning service Maid4u. Distributed through Facebook ads, the campaign tempts potential victims to download Android malware from a malicious website. It is still ongoing as of the publication of this blogpost, with even more distribution domains registered after its discovery. In January 2022, MalwareHunterTeam shared three more malicious websites and Android trojans attributed to this campaign.
On top of that, ESET researchers found four more fake websites. All seven websites impersonated services that are only available in Malaysia: six of them, Grabmaid, Maria’s Cleaning, Maid4u, YourMaid, Maideasy and MaidACall, offer cleaning services, and the seventh is a pet store named PetsMore…