Financial Fraud APK Campaign

During a Unit 42 investigation into threats hidden in otherwise legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) file kept hitting the researchers' radar.

The research revealed a family of malicious APKs targeting Chinese users that steals victim information and conducts financial fraud. To do this, the threat actor masquerades as a law enforcement official and claims that the target's phone number or bank account is suspected of being involved in financial fraud. The actor then guides the target to download an app that, under this pretext, will allow the "investigator" to review their bank transactions. The threat actor then instructs the target to select their bank in the app and fill in their personal information, including payment card details.

Source: Palo Alto Unit 42