A new malware distribution campaign has begun to be noticed in Spain in the last few hours. Through a text message, those responsible impersonate the logistics company DHL to announce the upcoming receipt of a shipment:
“DHL: Your parcel is coming, track it here: [web page that imitates the courier company's site]”
As in the intense campaign impersonating Correos, under the pretext of being able to track the arrival of a package, the SMS invites us to visit an address from which an Android application will be downloaded. This application is not a package tracking service, but a banking trojan.
The campaign follows the same steps as the one that impersonated Correos
After using the Correos theme for a month, actors now also use the DHL theme to target Spanish people:
“DHL.apk”: cb8d182e01219a2a2cf8e568e48035b2bf568541b6c19a2f825b630217c80951
From: https://dhl-cdn[.]website/index/ -> https://dhl-cdn[.]website/index/dhl.apk pic.twitter.com/VVr4IQQZoN
– MalwareHunterTeam (malwrhunterteam) January 22, 2021
Days ago, coinciding with the latest DGT email spoofing, MalwareHunterTeam tweeted that those responsible for the campaign impersonating the Spanish public company intended to use the DHL name to operate. To that end, they had various domains with which they intended to pass themselves off as the logistics company.
The warning, issued last Friday, did not take long to materialize. As can be seen on social networks, the SMS messages use a strategy practically copied from the one used in the campaign that impersonated Correos.
If users fall into the trap, not suspecting that the text message was not actually sent by the company in question, they will first reach a website bearing the DHL logo that explains how to download the app, outside the usual recommended procedures, which would theoretically allow them to track the shipment.
The first recommendation is not to trust this type of SMS, especially if we are not expecting any package. The second is to try to confirm the information by other means before doing anything. And the third, always applicable: do not install apps from outside the Google Play Store.
This app, as makes sense for malware, is not available on Google Play. To install it, you need to download the APK file provided by the fraudulent website and enable the Unknown sources option on Android, as shown in some instructions. Something that shouldn't be done, of course.
If the system's security measures do not step in at any point in the process, the result is that our device will be infected by a banking trojan that, among other things, according to the analysis conducted by ESET, can intercept SMS text messages such as those our bank sends when we log in to online banking, access our contacts, or steal credentials.