Ongoing SMS Stealer Campaign Targeting Android Device Users
6 August 2024
There are reports of an ongoing global SMS stealer campaign targeting Android device users. An SMS stealer is mobile malware that steals one-time passwords (OTPs) required for account registration or two-factor authentication.
The SMS stealer is distributed via two methods: malicious advertisements (also known as "malvertisements") or Telegram bots that automate communications with the victim. The malvertisement contains a link that leads the victim to a webpage impersonating the Google Play website. The page shows inflated download counts for the malware app to entice victims into downloading the SMS stealer, which masquerades as a legitimate app.
The Telegram bots promise victims a pirated copy of an Android application that users would otherwise have to pay for, in exchange for their phone numbers. A personalised APK file is then generated for tracking and possible deployment of future attacks targeting the victim.
Once installed, the SMS stealer malware requests access to the victim's SMS function. This allows the malware to capture the victim's OTPs and possibly other sensitive information. Threat actors may then use the compromised devices or phone numbers to commit further fraudulent activities, leading to more victims falling prey.
Android users are advised to stay vigilant and adopt the following measures to protect their devices against malware:
- Only install applications from the official Google Play Store. As an added precaution, check the developer information on the application listing, and only download applications developed and listed by the official developer.
- Refrain from disabling the Play Protect function. This is enabled by default to run safety checks on applications from the Google Play Store before downloading them.
- Pay attention to the security permissions requested by the application and/or its privacy policy before downloading. Be wary of applications that ask for unnecessary permissions such as access to your SMS function or contact list on your device.
- Immediately uninstall any unknown applications that suddenly appear on your devices.
- Perform anti-virus scans and keep regular backups of important data.
- Ensure that your devices' operating systems and applications are updated regularly so that they are protected by the latest security patches.
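For administrators who want to apply the install-source and SMS-permission checks above to a device inventory, the following added example (not part of the original advisory) flags apps that were not installed by Google Play and hold SMS access. The input is constructed sample text modelled on `pm list packages -i` output and the runtime-permission lines of `dumpsys package`; the package names are made up, and the exact line format is an assumption that may differ between Android versions.

```python
import re

# Real Android permission names an OTP stealer depends on.
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
PLAY_STORE = "com.android.vending"  # installer package of the Google Play Store
INSTALLER_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")
GRANT_RE = re.compile(r"^\s*(android\.permission\.\w+): granted=(true|false)")

# Constructed sample in the style of `pm list packages -i` (assumed format).
SAMPLE_INSTALLERS = """\
package:com.example.bank  installer=com.android.vending
package:com.example.freepremium  installer=null
package:com.example.messenger  installer=com.android.vending
package:com.example.flashlight  installer=com.google.android.packageinstaller
"""
# Constructed per-package permission lines in the style of `dumpsys package`.
SAMPLE_PERMS = {
    "com.example.freepremium": "android.permission.READ_SMS: granted=true\n"
                               "android.permission.RECEIVE_SMS: granted=true\n",
    "com.example.messenger": "android.permission.READ_SMS: granted=true\n",
    "com.example.flashlight": "android.permission.READ_SMS: granted=false\n",
}

def parse_installers(listing):
    """Map package name -> installer package (None when no installer is recorded)."""
    result = {}
    for line in listing.splitlines():
        m = INSTALLER_RE.match(line.strip())
        if m:
            result[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return result

def granted_sms_perms(perm_dump):
    """Return the SMS permissions marked granted=true in a permission dump."""
    granted = set()
    for line in perm_dump.splitlines():
        m = GRANT_RE.match(line)
        if m and m.group(2) == "true" and m.group(1) in SMS_PERMS:
            granted.add(m.group(1))
    return granted

def flag_sideloaded_sms_apps(listing, perm_dumps):
    """List (package, installer, perms) for non-Play apps that hold SMS access."""
    flagged = []
    for pkg, installer in sorted(parse_installers(listing).items()):
        perms = granted_sms_perms(perm_dumps.get(pkg, ""))
        if installer != PLAY_STORE and perms:
            flagged.append((pkg, installer, sorted(perms)))
    return flagged
```

A flagged entry is a prompt for review, not proof of infection: apps installed from Google Play with SMS access, and sideloaded apps whose SMS permission was denied, are deliberately left out.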
You may also refer to our joint advisory with the Singapore Police Force on The Dangers Of Downloading Applications From Third Party Or Dubious Sites for more information.
More information is available here: