Date: 2021-04-01

We commonly use our smartphones to manage our finances, opening our bank's app to check transactions or make transfers, so we must take all the necessary security measures to keep our data safe.

One of those measures is knowing about an Android banking Trojan that impersonates courier companies to steal our bank details and that is now sending SMS messages spoofing the identity of MRW.

If an SMS asks you to install an app from outside the Google Play Store, don’t do it!

Thanks to a tweet published by the IT security company ESET, we have learned that the Flubot banking Trojan is trying to sneak onto our Android smartphones through a fake SMS sent from a German mobile number.

This malware, which we already talked about a few months ago, has previously impersonated other parcel companies such as FedEx, Correos or DHL.

This malicious message alerts the user that their shipment has been returned twice to the nearest fulfillment center, giving the code of the supposed shipment and including a link to manage it.

Clicking on this link takes us to a website very similar to MRW's; in fact, it is the legitimate website of the company that has been hijacked and impersonated. There we are told how to download an application in .apk format, which has the same name as the impersonated company followed by a number that attackers use as a reference to identify the fake SMS campaign in question.

Once the malicious application is downloaded, it asks us to enable installation from unknown sources, and during installation we are asked to grant it accessibility permissions.

With these permissions, the app can bypass Play Protect, Google's app review system, and become the default application for managing SMS, which allows it to receive the messages with the verification codes our bank requests to carry out certain operations, such as bank transfers.

Furthermore, once granted these permissions, the malicious application can draw overlays on top of any other app on the phone, impersonating the official applications of banks such as Santander, la Caixa or EVO Bank in order to steal our bank credentials.

If you are affected by this scam, contact your bank as soon as possible to reset passwords and block possible unauthorized money transfers.
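To check a phone for the combination described above (an app installed from outside Google Play that holds an accessibility service or the default SMS role), the following added example, which is not part of the original article, triages the text output of three `adb shell` commands: `pm list packages -3 -i`, `settings get secure enabled_accessibility_services` and `settings get secure sms_default_application`. The package names and sample outputs are constructed, and the function names are hypothetical.

```python
import re

PLAY_STORE = "com.android.vending"  # installer recorded for Google Play installs

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -3 -i` text."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def parse_accessibility(setting_value):
    """Packages owning an enabled accessibility service.

    The setting is a colon-separated list of package/ServiceClass entries.
    """
    value = setting_value.strip()
    if value in ("", "null"):
        return set()
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry}

def triage(pm_output, accessibility_value, default_sms_value):
    """Return {package: [reasons]} for third-party apps not installed by
    Google Play that hold the abilities the article describes."""
    a11y = parse_accessibility(accessibility_value)
    default_sms = default_sms_value.strip()
    findings = {}
    for pkg, installer in parse_installers(pm_output).items():
        if installer == PLAY_STORE:
            continue
        reasons = []
        if pkg in a11y:
            reasons.append("accessibility service enabled")
        if pkg == default_sms:
            reasons.append("default SMS app")
        if reasons:
            findings[pkg] = reasons
    return findings

# Constructed sample outputs (not captured from a real device).
SAMPLE_PM = """\
package:com.example.bank  installer=com.android.vending
package:com.example.parcel7  installer=null
package:com.example.reader  installer=com.google.android.packageinstaller
"""
SAMPLE_A11Y = "com.example.parcel7/com.example.parcel7.Svc:com.example.reader/.ScreenReader"
SAMPLE_SMS = "com.example.parcel7\n"

if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE_PM, SAMPLE_A11Y, SAMPLE_SMS).items():
        print(pkg, "->", ", ".join(reasons))
```

The result is a review list, not a verdict: a sideloaded but legitimate accessibility tool is flagged too, while an app holding both abilities deserves immediate attention.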

