Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud

June 3, 2024, 11:48 a.m.

Description

An analysis by McAfee's Mobile Research Team uncovered an Android InfoStealer malware masquerading as a government service app in Bahrain. The malicious app, promoted through deceitful Facebook pages and SMS messages, tricks users into providing personal information like CPR numbers, phone numbers, names, emails and dates of birth under the guise of offering services like driver's license renewals and visa applications. The stolen data is then exploited for financial fraud. The tactics employed include dynamically loading phishing sites via Firebase and stealing incoming SMS messages without user notification.

External References

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-bahrain-government-android-app-steals-personal-data-used-for-financial-fraud/
https://otx.alienvault.com/pulse/665da74bd824844db944a0fc
Tags
phishing
android
infostealer
fraud
malicious
2024-06-03
android/infostealer

Date

  • Created: June 3, 2024, 11:21 a.m.
  • Published: June 3, 2024, 11:21 a.m.
  • Modified: June 3, 2024, 11:48 a.m.

Indicators

  • f9bdeca0e2057b0e334c849ff918bdbe49abd1056a285fed1239c9948040496a
  • d4d0b7660e90be081979bfbc27bbf70d182ff1accd829300255cae0cb10fe546
  • b7424354c356561811e6af9d8f4f4e5b0bf6dfe8ad9d57f4c4e13b6c4eaccafb
  • bf22b5dfc369758b655dda8ae5d642c205bb192bbcc3a03ce654e6977e6df730
  • 94959b8c811fdcfae7c40778811a2fcc4c84fbdb8cde483abd1af9431fc84b44
  • 8c8ffc01e6466a3e02a4842053aa872119adf8d48fd9acd686213e158a8377ba
  • 6f6d86e60814ad7c86949b7b5c212b83ab0c4da65f0a105693c48d9b5798136c
  • 5574c98c9df202ec7799c3feb87c374310fa49a99838e68eb43f5c08ca08392d
  • 164fafa8a48575973eee3a33ee9434ea07bd48e18aa360a979cc7fb16a0da819
  • shop.wecarerelief.ca
  • a.jobshuntt.com
  • lmraa.com
  • lmjbfv.site
  • dbjiud.site
Download all indicators here!

Attack Patterns

  • Android/InfoStealer

Additional Informations

  • Bahrain