Bad things come to those who bait…


Why the SMiShing Threat shouldn’t be ignored.

by Mobile Threat Research Team, Check Point Technologies.

Short for SMS Phishing, SMiShing is a targeted attack aimed at the users of smartphones. Users are generally tricked into downloading a virus or Trojan which infects the phone with malicious software. Often disguised as coming from legitimate organisations such as banks, SMiShing attacks are frequently intended to capture confidential information, such as credit card or bank account details, by means of a malicious URL link.

Earlier this year the Czech Republic fell foul of a widespread SMiShing campaign. In this instance the fraudsters used Czech Post (the Czech postal service) as their disguise to trick users into clicking on a malicious link. As is common with these attacks, the link took users to a seemingly innocuous page with what looked like a legitimate address of the Czech Post website. Once launched, the website then downloaded a piece of malware onto the smartphone or tablet device.

A particularly cunning piece of malicious software, the app then remains hidden, but active, on the device. Each time a user launches any app that requires credit card details (or other personal information), it intercepts the data and sends it to the original attackers. Worryingly, because the app was most commonly downloaded to a phone, the malware was also able to intercept SMS messages, thus allowing the cyber criminals to gain access to two-factor authentication codes. We last saw this kind of activity with the Marcher banker malware, which was discovered in 2013.

In addition to the obvious breach of personal data, this particular threat is also able to act like ransomware, locking a user’s device in order to obtain a financial ransom to restore access. Because the malware communicates with a Command and Control (C&C) server, the attackers can send it a wide variety of commands, such as spreading itself by SMS through a user’s contacts database.

This dangerous piece of malware is still clocking up victims in the Czech Republic, and the campaign underlines just how easily SMiShing attacks can work. It is just one example of this effective form of SMS phishing. Users can help protect themselves and their devices, first of all, by remaining vigilant to suspicious messages and by only ever installing apps from trusted sources, in installations they initiate themselves and not via an SMS message. Additional security can be implemented by installing anti-virus software specifically designed for mobile devices.