Security experts have discovered hundreds of fake websites which are being used to spread dangerous malware for Android and Windows devices. A “vast” network of over 200 internet pages, impersonating 27 brands including household names like TikTok, PayPal and Snapchat, is being used to spread a vicious bug which can empty out bank accounts. These bogus websites feature the notorious ERMAC banking trojan, which is capable of stealing sensitive login details for 467 online banking and cryptocurrency apps.
If hackers manage to get hold of the keys to these accounts it can lead to victims being left severely out of pocket.
And, to make matters worse, this latest malware campaign is very convincing – with the Android and Windows trojan being spread on websites that look very similar to the ones they’re impersonating.
One of the only giveaways that something is amiss is that the URL for these websites is misspelt.
This type of scam is known as typosquatting, in which malicious websites are registered under domain names that closely resemble official ones.
Besides TikTok, PayPal and Snapchat, other websites that were impersonated include the web pages for Google Wallet and design tool Figma, as well as unofficial Android app marketplaces like APK Pure and APKCombo. The threat was initially discovered by cyber intelligence provider Cyble, whose findings focused on fake Android websites and app pages. This was later expanded upon by cyber security website Bleeping Computer, which revealed that the same operators of that malware campaign were also pushing Windows malware via a “vast” network of fake sites.
Discussing the threat, Marijus Briedis, a cybersecurity expert at NordVPN, said anyone using Android or Windows needs to be on “their mettle”.
That’s because these nefarious scams rely on easy-to-make errors as a starting point for infecting a user’s device.
Briedis said: “With typosquatting, cyber attackers set out to profit from finger slips and the incorrect spelling of well-known businesses and tools online. Bad actors can register multiple domains using slight variations of a company name like PayPal or TikTok then imitate that website and wait for unwary visitors to connect.
“While visiting the site itself may not do any damage, these spoofed versions are likely to be laced with malware – leaving Windows and Android users particularly vulnerable. They are set up to steal the credentials of users who interact with it.
“To avoid the risk of falling for this scam, it’s worth using a search engine to find a website rather than typing directly into the address bar. This should return the correct site name as its top hit, even if you misspelt it.”
Cyble, meanwhile, offered advice to help people protect themselves from this banking scam and others of its kind:
– Turn on automatic updates on your device wherever possible and pragmatic
– Regularly monitor your financial transactions, and contact your bank immediately if you notice any suspicious activity
– Use a reputable anti-virus and internet security software package on devices like your mobile, laptop and PC
– Refrain from opening untrusted links and email attachments without verifying their authenticity
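
To make the misspelt-URL giveaway described above concrete, here is an added example (not from Cyble, Bleeping Computer or NordVPN) that checks a link's domain against an allow-list and flags near-misses such as a swapped or substituted character. The allow-list, the function names and the one-edit threshold are assumptions chosen for illustration, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: allow-list of official domains for some brands the article names.
OFFICIAL = {"tiktok.com", "paypal.com", "snapchat.com", "figma.com"}

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # swapped neighbours, e.g. "ko" for "ok"
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def registrable(host):
    # Assumption: the last two labels are the registered domain (no public-suffix list).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_url(url, max_distance=1):
    """Return (verdict, official_domain): verdict is 'official', 'lookalike' or 'unknown'."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    domain = registrable(host)
    if domain in OFFICIAL:
        return ("official", domain)
    name = domain.split(".")[0]
    # Compare only the name label, so a brand name on another TLD is also flagged.
    best = min(OFFICIAL, key=lambda o: osa_distance(name, o.split(".")[0]))
    if osa_distance(name, best.split(".")[0]) <= max_distance:
        return ("lookalike", best)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample inputs; nothing is fetched or resolved.
    for u in ["https://www.paypal.com/signin", "http://paypa1.com/login",
              "tiktko.com", "paypal.net", "https://example.org"]:
        print(u, "->", check_url(u))
```

A one-edit threshold will also flag unrelated legitimate names that happen to sit one character away from a short brand, so a "lookalike" verdict is a prompt to verify the link, not proof of malice.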