Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud
Essential information
- Published
- 03/06/2024 11:21
- Modified
- 03/06/2024 11:48
- Tags
- 2024-06-03 android android/infostealer fraud infostealer malicious phishing
- Related entities
- 14 observables, 7 techniques (mitre), 1 malware, 1 others
Description
An analysis by McAfee's Mobile Research Team uncovered an Android InfoStealer malware masquerading as a government service app in Bahrain. The malicious app, promoted through deceitful Facebook pages and SMS messages, tricks users into providing personal information like CPR numbers, phone numbers, names, emails and dates of birth under the guise of offering services like driver's license renewals and visa applications. The stolen data is then exploited for financial fraud. The tactics employed include dynamically loading phishing sites via Firebase and stealing incoming SMS messages without user notification.