The Android malware is spread via text message which says “We could not deliver your order. Please check your shipping information here hxxp://bit[.]ly/1ZfcNeV”.
Once users click on the link, the malware is installed. It then silently waits in the background for users to open the official app and then overlays a fake interface over the top. Victims are then tricked into revealing their banking information.
In total the malware is designed to mimic 8 separate apps, including WhatsApp, Uber, Facebook, Viber, Google Play and more.
These text messages have reportedly hit Denmark first, where it tricked over 130,000 victims into clicking on the link. FireEye said the malware is now making its way through Europe, with a handful of other countries thought to have been affected; including the United Kingdom, Germany, Luxembourg, Spain, Sweden, Norway, Netherlands, Italy, Greece, and Turkey.
How to protect your device from Android malware
- Don’t click on links you receive in unsolicited emails or SMS messages. The links may lead to malicious website and any attachments could be infected with malware.
- Only install apps from official app stores, such as Google’s Play Store, or Apple’s App Store. Always check reviews and ratings as well as developer information before downloading a new app as rogue ones can appear in legitimate app stores as well.
- Always make sure you have the latest version of software and antivirus installed.
- If your battery suddenly starts draining really fast, consider that it might be a malware problem.
To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.
