Monday, January 25

Do not be fooled by this fake SMS

A phishing campaign targeting Android users has been detected and analyzed by the specialized outlet CyberGuerre, a vertical of Numerama. The hackers sent a fake SMS pretending to come from the government, prompting those targeted to download the TousAntiCovid application… which is in fact banking malware.

The TousAntiCovid application // Credit: Frandroid

If you received an SMS from the government on your Android phone after Wednesday, December 2, 2020, vigilance is required: a phishing campaign is currently raging in France, as revealed by CyberGuerre, the cybersecurity vertical of Numerama. In a tweet published on Friday, December 4, the TousAntiCovid Twitter account announced that its SMS campaign has been closed since Wednesday.

However, several people have in the meantime received a suspicious message inviting them to download the TousAntiCovid mobile application. The message is almost identical to the one the government recently sent to the French. But on closer inspection, a few small differences stand out.

A very similar SMS

First, the URL in the fraudulent message arouses mistrust: it is a shortened Bit.ly link, whereas the address normally sent by the State is “http://bonjour.tousanticovid.fr”. The shortened link includes the string “AntlCovid19” to resemble the name of the application as closely as possible, notes CyberGuerre.

On the left, the official SMS. On the right, the fraudulent SMS // Credit: CyberGuerre by Numerama

The problem: the “i” of “Anti” has been replaced by a lower-case “l”, which looks nearly identical. This is a common technique, which can also be used with the letters “rn” to simulate an “m”. Another notable difference is the sender name: “GOUV.FR” in this case, versus “Gouv.fr” used by the official authorities. These are small details, of course, but they are enough to fool ordinary people.
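The three differences described above (shortened link, look-alike spelling, sender name in capitals) can be checked mechanically. The following is an added example, not code from CyberGuerre or from the TousAntiCovid project; the sample messages, the function names and the two digit folds are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

OFFICIAL_HOST = "bonjour.tousanticovid.fr"  # official address quoted in the article
OFFICIAL_SENDER = "Gouv.fr"                 # official sender name per the article
SHORTENERS = {"bit.ly"}                     # shortener used by the fake SMS
BRANDS = ("tousanticovid", "anticovid")     # names the lure imitates
# Look-alike folds named in the article ("l" for "i", "rn" for "m"); the two
# digit swaps are an assumption added for this example.
FOLDS = (("rn", "m"), ("l", "i"), ("1", "i"), ("0", "o"))

def skeleton(text):
    """Lower-case the text and fold look-alike glyphs to one canonical form."""
    s = text.lower()
    for src, dst in FOLDS:
        s = s.replace(src, dst)
    return s

def lookalikes(text):
    """Return tokens that read like a brand name but are not spelled like it."""
    hits = []
    for token in re.findall(r"[A-Za-z0-9]+", text):
        low, skel = token.lower(), skeleton(token)
        if any(skeleton(b) in skel and b not in low for b in BRANDS):
            hits.append(token)
    return hits

def check_sms(sender, body):
    """Return the reasons a message differs from the official SMS (empty if none)."""
    reasons = []
    if sender != OFFICIAL_SENDER:  # case-sensitive on purpose: "GOUV.FR" differs
        reasons.append("sender")
    for url in re.findall(r"https?://\S+", body):
        host = (urlparse(url.rstrip(".,;)")).hostname or "").lower()
        if host in SHORTENERS:
            reasons.append("shortener")  # real destination is hidden
        elif host != OFFICIAL_HOST:
            reasons.append("host")
    if lookalikes(body):
        reasons.append("lookalike")
    return reasons

# Constructed sample messages (not the real SMS texts or the real short link).
OFFICIAL = "Download TousAntiCovid: http://bonjour.tousanticovid.fr"
FAKE = "Download TousAntiCovid: https://bit.ly/xx-AntlCovid19-example"

if __name__ == "__main__":
    print(check_sms("Gouv.fr", OFFICIAL))  # official message
    print(check_sms("GOUV.FR", FAKE))      # fraudulent message
```

A matching sender name alone proves nothing, since SMS sender names can be imitated; the check is only useful in combination with the link checks.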

The malicious URL then leads to a web page whose interface is very similar to the official website, offering a supposed app for download that is actually an APK file named tousanticovid.apk. However, it is offered only to owners of an Android smartphone, whereas the official application is compatible with both Android and iOS devices. Again, this reinforces suspicions of fraud.

Very sophisticated banking malware

The file in question is in fact a malicious program that asks you to deactivate Google Play Protect so that it can intrude into your mobile device and collect a large amount of data, banking data in particular. According to Maxime Ingrao, a researcher specializing in Android at Evina who was contacted by CyberGuerre, it is sophisticated banking malware capable of stealing that information.

From your username and password to the two-factor authentication SMS, the malware captures all the data it needs to achieve its ends. Harvesting the data from your Facebook or WhatsApp accounts is not a problem for it either. If your phone is infected, CyberGuerre recommends resetting your smartphone. The fraudulent site is still active at the time of this writing.
