Fraudulent Recruiters Spread Banking Trojan through Malicious Apps in Phishing Scheme

By Ravie Lakshmanan | Dec 10, 2024

Cybersecurity experts have uncovered a sophisticated mobile phishing scheme, dubbed "mishing," aimed at distributing a revamped version of the Antidot banking trojan. This malicious initiative lures unsuspecting job seekers into downloading an infected application disguised as a legitimate tool.

Researchers from Zimperium zLabs reported that attackers masquerade as recruiters and entice potential victims with false job offers promising a competitive hourly wage of $25. "As part of the hiring process, victims are directed to download a malicious app that acts as a dropper, eventually installing the latest version of the Antidot Banker on their devices," explained researcher Vishnu Pratapagiri.

Identified as AppLite Banker, this new variant can siphon sensitive unlock credentials and remotely take control of infected devices, a feature reminiscent of the notorious TrickMo malware. The phishing campaign employs social engineering tactics to establish trust, often linking job offers to a fictitious Canadian company, Teximus Technologies.

Victims drawn into the trap are led to a phishing page, where they download an Android app claiming to facilitate employee-customer relationship management. The dropper uses ZIP file manipulation techniques to evade detection, then asks victims to grant permissions and update the app under the guise of keeping their device secure.

Once installed, the malware requests Accessibility Services permissions, which it uses to overlay device screens and carry out keylogging, SMS theft, and unauthorized access to banking and cryptocurrency accounts. Its targets span users of several languages.
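The behaviours described above leave traces in an app's manifest that a defender can triage before install. The following is an added example, not code from Zimperium or from the article: it assumes the manifest has already been decoded to text XML (for instance with apktool), and the permission-to-behaviour mapping, the escalation threshold and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Assumed mapping from behaviours named in the article to manifest permissions.
BEHAVIOUR_PERMS = {
    "sms_access": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "overlay_window": {"android.permission.SYSTEM_ALERT_WINDOW"},
    "installs_packages": {"android.permission.REQUEST_INSTALL_PACKAGES"},
}

def triage_manifest(manifest_xml: str) -> dict:
    """Map a decoded AndroidManifest.xml to the behaviours it could enable."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    findings = {k: sorted(p & requested) for k, p in BEHAVIOUR_PERMS.items()}
    # An accessibility service is declared as a <service> guarded by A11Y_BIND.
    findings["accessibility_service"] = sorted(
        s.get(ANDROID + "name", "?") for s in root.iter("service")
        if s.get(ANDROID + "permission") == A11Y_BIND
    )
    signals = [k for k, v in findings.items() if v]
    # Accessibility alone is common in legitimate apps; escalate only when it
    # is combined with at least two other signals (assumed threshold).
    escalate = bool(findings["accessibility_service"]) and len(signals) >= 3
    return {"package": root.get("package"), **findings, "escalate": escalate}

# Constructed sample manifests (not taken from any real app).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
SUSPECT = f"""<manifest {NS} package="com.example.crmtool">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application><service android:name=".UpdateHelper"
      android:permission="{A11Y_BIND}"/></application>
</manifest>"""
BENIGN = f"""<manifest {NS} package="com.example.reader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><service android:name=".ReaderService"
      android:permission="{A11Y_BIND}"/></application>
</manifest>"""

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(triage_manifest(sample))
```

The result is a triage signal for review, not a verdict: a dropper may request further permissions only in the payload it installs later.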

With attacks targeting high-value assets intensifying across Southern Asia, experts warn users to adopt robust security measures to protect themselves from these evolving threats. "It is vital to bolster defenses against such malicious initiatives to prevent significant financial losses," Pratapagiri cautioned.
