Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud
June 3, 2024, 11:48 a.m.
Description
An analysis by McAfee's Mobile Research Team uncovered an Android InfoStealer malware masquerading as a government service app in Bahrain. The malicious app, promoted through deceitful Facebook pages and SMS messages, tricks users into providing personal information like CPR numbers, phone numbers, names, emails and dates of birth under the guise of offering services like driver's license renewals and visa applications. The stolen data is then exploited for financial fraud. The tactics employed include dynamically loading phishing sites via Firebase and stealing incoming SMS messages without user notification.
Date
Published: June 3, 2024, 11:21 a.m.
Created: June 3, 2024, 11:21 a.m.
Modified: June 3, 2024, 11:48 a.m.
Indicators
.wecarerelief.ca
a.jobshuntt.com
lmraa.com
lmjbfv.site
dbjiud.site
Attack Patterns
Android/InfoStealer
TA0002
T1589
T1608
T1550
T1137
T1583
T1531
Additional Information
Bahrain