Introduction to Malicious APKs
The recent arrest of 13 people who were part of a plan to hack into mobile bank accounts using a courier delivery APK shows how dangerous it can be to install apps that aren't from the app store. But now there is a new group of hackers who use a different method: they send wedding invitation letters that include APKs from outside the Play Store. Once these APKs are installed, they steal OTP passwords from the devices of people who fall for them.
The Danger of Running Dangerous Android APKs
When these dangerous Android APKs are run, a number of warnings will appear saying that loading apps from outside the Play Store is very dangerous and not recommended. Even if these warnings are ignored, there will be more alerts when giving SMS access to the desired app installation, such as access to the device's documents and pictures for the malicious app being installed.
But because most people aren't used to seeing these warnings and tend to give permissions without reading them carefully or thinking about what they mean, this malicious app that takes data can still be downloaded and used.
Credentials Theft Requirements
In fact, getting into the victim's mobile banking account takes more than just installing this rogue app. You need the User ID, Mobile Banking Password, Transaction Approval PIN, and OTP (One Time Password) to get into your mobile banking account. This rogue APK has all of those things. Since this bad APK can only steal OTPs from SMS texts, it makes me wonder how these thieves get their victims' login information for mobile banking.
Is it possible that these criminal groups share databases to find victims, or do databases with information about people who use mobile banking have leaks? We know that during earlier hacking attacks in the middle of 2022, many people who used mobile banking fell for the scam and gave the scammers their banking information after being threatened with a monthly transfer fee of IDR 150,000.
Stay Vigilant: Protecting Yourself from Malicious APKs
Stick to Official App Stores: You should only get apps from trusted places, like the Google Play Store or the Apple App Store. Don't get APKs from shops or services you don't know much about.
Warning signs should be taken seriously: Pay attention to warning messages, especially ones that say you shouldn't install apps from places you don't know. Before you move ahead, think carefully about the risks.
Review App Permissions: Before you give an app any rights, you should carefully look over the permissions it wants and think about whether it needs them to work. Be careful if an app wants to access private information or has features that don't seem to fit with what it's meant to do.
Keep Your Device Updated: Regularly updating your mobile device's operating system and apps will make sure you have the latest security patches and defences against known flaws.
Enable Two-Factor Authentication (2FA): Use 2FA whenever you can for your mobile banking and other important apps. This makes the verification process even more secure by requiring a unique code or biometric identity as a second step.
Conclusion
People who use mobile banking have a big problem with how popular malicious APKs are. You can avoid falling for these scams by being careful, only downloading apps from official app stores, and being careful when offering permissions. Keep up with the news, be careful, and make sure thieves don't get your personal and business information.
