AhnLab reported on the 20th that it has found evidence that malicious applications (apps) impersonating famous securities companies are being distributed.
In this case, the attacker created and distributed a malicious app disguised as a mobile trading system (MTS) of a well-known securities company. When the app is executed, a login screen appears, prompting the user to enter personal information such as an ID, password, mobile phone number, account number, and email address during the registration process for asset transactions.
If a user is deceived into entering personal information on the cleverly disguised fake registration page, the entered information is immediately sent to the attacker's server. The stolen personal information can then be misused for further attacks such as credential stuffing.
While legitimate financial platforms perform verification during registration, such as checking for ID duplication, password complexity, and account number validity, AhnLab's analysis revealed that the malicious app in question proceeded with registration without any significant verification apart from the registration code. This suggests that the attacker disseminated the app download link via text messages (SMS), group chat rooms, social media, etc., together with attention-grabbing keywords and the registration code.
AhnLab V3 Mobile Security currently detects the malicious app. To prevent damage, users should follow basic security rules such as ▲ not downloading apps from unclear sources ▲ conducting asset transactions only on official exchanges ▲ keeping the mobile antivirus app updated.
Jang Yeon-cheol, a senior member of AhnLab's engine development team, noted, "Attackers are creating and distributing increasingly sophisticated malicious apps to deceive users," adding, "As cases of malicious apps being found in official app markets have also been confirmed, mobile users need to exercise particular caution."