The software is spread by a text message which reads: “We could not deliver your order. Please check your shipping information here hxxp://bit[.]ly/1ZfcNeV”.
Once the link is clicked on the malware installs itself. After being installed on the target device it places a fake interface over the top of legitimate apps and tricks users into revealing their bank details.
In total the phishing malware mimics eight popular apps on the Google operating system. Alongside WhatsApp and Facebook, which between them have been installed more than 84 million times, it can replicate Uber, Google’s own Play app, Viber, Uber and others.
The research team at FireEye say the scam first targeted people in Denmark, with an estimated 130,000 falling victim to it. But it is now spreading across Europe.
Action Fraud, the UK’s national fraud and cyber crime reporting centre, has issued advice on how to protect your Android device from malware:
Don’t click on links you receive in unsolicited emails or SMS messages. The links may lead to malicious website and any attachments could be infected with malware.
Only install apps from official app stores, such as Google’s Play Store, or Apple’s App Store. Always check reviews and ratings as well as developer information before downloading a new app as rogue ones can appear in legitimate app stores as well.
Always make sure you have the latest version of software and antivirus installed.
If your battery suddenly starts draining really fast, consider that it might be a malware problem.