- Researchers found more than 250 fake dating applications aimed at Android users
- The applications request extensive permissions and end up stealing confidential files
- Victims are later extorted under the threat of the files being released to friends and family
An “emotionally manipulative” extortion campaign has been spotted leveraging hundreds of applications across mobile ecosystems.
Zimperium zLabs security researchers claimed to have found more than 250 Android applications, all pretending to be dating and romance applications.
While they all look slick and well designed, all of them function as infostealers, harvesting contact information, photos and other device data. In some cases, the victims were lured into granting access through “interactions with emotional load” and “exclusive invitation codes.”
How to stay safe?
Zimperium calls the campaign SarangTrap, since it mostly targets people living in South Korea.
If the threat actors find incriminating information on the compromised devices, they contact the victim and threaten to share it with their family, friends and partners unless a payment is made.
“This is more than an outbreak of malware, it is a digital weapon of trust and emotion,” the zLabs research team said. “Users seeking connection are being manipulated to give access to some of their most personal data.”
To make matters worse, of the 80 domains used in this campaign, many were reportedly indexed by popular search engines, which makes them look legitimate to victims trying to do their due diligence.
In its report, Zimperium advises mobile users not to download applications from unknown links or unofficial app stores, implying that none of the more than 250 applications used in the campaign can be found on the Play Store or App Store.
Apple and Google are quite diligent when it comes to their app repositories, and although malware does make its way in from time to time, it is much harder to pick up malware in an official store than in an unvetted third-party one.
Users should also be careful with applications that require unusual permissions or invitation codes, regularly review the permissions they have granted and the profiles installed on their devices, and install a mobile security solution that can help detect and block malware.
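One way to carry out that permission review from a computer, as an added example that is not part of the original article or Zimperium's report: this Python script parses the text printed by `adb shell pm list packages -i -3` and `adb shell dumpsys package <name>` and lists apps that did not come from an official store yet hold contact or photo permissions. The sample output, package names, watch list and trusted-installer list are constructed assumptions.

```python
import re

# Watch list chosen to match the data the article says is taken (contacts,
# photos); the selection itself is an assumption of this example.
SENSITIVE = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.READ_MEDIA_IMAGES",
}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; assumption

PKG_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=true")

def sideloaded(pm_list_output):
    """Return {package: installer} for apps not installed by a trusted store."""
    hits = (PKG_RE.match(line.strip()) for line in pm_list_output.splitlines())
    return {m.group(1): m.group(2) for m in hits
            if m and m.group(2) not in TRUSTED_INSTALLERS}

def granted_sensitive(dumpsys_output):
    """Return watched permissions marked granted=true in one dumpsys dump."""
    hits = (PERM_RE.match(line) for line in dumpsys_output.splitlines())
    return {m.group(1) for m in hits if m and m.group(1) in SENSITIVE}

def audit(pm_list_output, dumps):
    """Map each sideloaded package to the watched permissions it holds."""
    report = {}
    for pkg, installer in sideloaded(pm_list_output).items():
        perms = granted_sensitive(dumps.get(pkg, ""))
        if perms:
            report[pkg] = {"installer": installer, "permissions": sorted(perms)}
    return report

# Constructed sample input; the package names are made up.
PM_LIST = """package:com.example.maps  installer=com.android.vending
package:com.example.datingapp  installer=null
package:com.example.notes  installer=com.google.android.packageinstaller"""
DUMPS = {
    "com.example.datingapp": """    runtime permissions:
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
      android.permission.READ_MEDIA_IMAGES: granted=true, flags=[ USER_SET ]
      android.permission.CAMERA: granted=false, flags=[ USER_SET ]""",
    "com.example.notes": "      android.permission.READ_CONTACTS: granted=false",
}

if __name__ == "__main__":
    print(audit(PM_LIST, DUMPS))
```

An app that was sideloaded but holds none of the watched permissions, like the constructed `com.example.notes`, is left out of the report.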