McAfee Labs has uncovered a malicious Android app masquerading as a government service in Bahrain, designed to steal personal data for financial fraud. The malware pretends to offer services such as renewing or applying for driver’s licenses, visas, and ID cards. It targets users through fake Facebook pages and SMS messages, directing them to phishing sites where they download the malicious app. Upon launching, the app asks for personal details, including the CPR number and phone number, which are then sent to a command-and-control (C2) server.
Further personal information, such as full name, email, and date of birth, is also collected and sent to the C2 server under the guise of a verification process. The app shows a fake completion page, tricking users into thinking they will receive a confirmation email within 24 hours. In reality, cybercriminals use this waiting period to exploit the stolen information.
The malware also has a payload for stealing SMS messages, which it sends to the C2 server upon receipt. Additionally, the malware employs Firebase, a legitimate Google service, to dynamically load phishing URLs, making it harder to detect. McAfee Mobile Security has already identified this threat as Android/InfoStealer, and users are advised to download apps only from official app stores and be cautious of unsolicited messages and ads.
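The SMS forwarding and Firebase use described above both leave traces in an app's manifest, which a defender can check before installation or during triage. The following is an added example, not McAfee's detection logic or code from the sample; it assumes a manifest already decoded to text XML (for example by apktool), and the package name, receiver name and manifest contents are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample: decoded manifest of a hypothetical app (not the real sample).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.govservices">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <receiver android:name=".SmsListener">
      <intent-filter><action android:name="android.provider.Telephony.SMS_RECEIVED"/></intent-filter>
    </receiver>
    <provider android:name="com.google.firebase.provider.FirebaseInitProvider"/>
  </application>
</manifest>"""


def triage_manifest(manifest_xml):
    """Return a list of findings for one decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    name = lambda el: el.get(ANDROID_NS + "name", "")
    perms = {name(p) for p in root.iter("uses-permission")}
    findings = []
    if perms & SMS_PERMS:
        findings.append("sms_permission")
    # A receiver registered for SMS_RECEIVED sees every message as it arrives.
    for rcv in root.iter("receiver"):
        if any(name(a) == SMS_ACTION for a in rcv.iter("action")):
            findings.append("sms_receiver:" + name(rcv))
    if "android.permission.INTERNET" in perms:
        findings.append("internet")
    # Firebase components mean URLs or config can be fetched at run time.
    comps = [c for tag in ("provider", "service", "receiver") for c in root.iter(tag)]
    if any(name(c).startswith("com.google.firebase.") for c in comps):
        findings.append("firebase")
    return findings


def needs_review(findings):
    """Flag apps that can read incoming SMS and also reach the network."""
    kinds = {f.split(":")[0] for f in findings}
    return {"sms_permission", "sms_receiver", "internet"} <= kinds
```

A manifest check misses receivers registered from code at run time, and Firebase alone is common in legitimate apps, so treat the Firebase finding as context rather than a verdict.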