Today > vulnerabilities   -   You can now download lists of IOCs here!

Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud

June 3, 2024, 11:48 a.m.

Description

An analysis by McAfee's Mobile Research Team uncovered an Android InfoStealer malware masquerading as a government service app in Bahrain. The malicious app, promoted through deceitful Facebook pages and SMS messages, tricks users into providing personal information like CPR numbers, phone numbers, names, emails and dates of birth under the guise of offering services like driver's license renewals and visa applications. The stolen data is then exploited for financial fraud. The tactics employed include dynamically loading phishing sites via Firebase and stealing incoming SMS messages without user notification.

Date

Published: June 3, 2024, 11:21 a.m.

Created: June 3, 2024, 11:21 a.m.

Modified: June 3, 2024, 11:48 a.m.

Indicators

f9bdeca0e2057b0e334c849ff918bdbe49abd1056a285fed1239c9948040496a

d4d0b7660e90be081979bfbc27bbf70d182ff1accd829300255cae0cb10fe546

b7424354c356561811e6af9d8f4f4e5b0bf6dfe8ad9d57f4c4e13b6c4eaccafb

bf22b5dfc369758b655dda8ae5d642c205bb192bbcc3a03ce654e6977e6df730

94959b8c811fdcfae7c40778811a2fcc4c84fbdb8cde483abd1af9431fc84b44

8c8ffc01e6466a3e02a4842053aa872119adf8d48fd9acd686213e158a8377ba

6f6d86e60814ad7c86949b7b5c212b83ab0c4da65f0a105693c48d9b5798136c

5574c98c9df202ec7799c3feb87c374310fa49a99838e68eb43f5c08ca08392d

164fafa8a48575973eee3a33ee9434ea07bd48e18aa360a979cc7fb16a0da819

shop.wecarerelief.ca

a.jobshuntt.com

lmraa.com

lmjbfv.site

dbjiud.site

Attack Patterns

Android/InfoStealer

TA0002

T1589

T1608

T1550

T1137

T1583

T1531

Additional Informations

Bahrain