Security researchers have identified hundreds of fake websites used to distribute Android and Windows malware. A “huge” network of more than 200 sites impersonating 27 brands, including well-known names such as TikTok, PayPal and Snapchat, is being used to spread malware capable of draining bank accounts. The fake sites deliver the notorious ERMAC banking Trojan, an Android malware that steals login credentials for 467 online banking and cryptocurrency apps.
If attackers get hold of those credentials, victims can be left heavily out of pocket.
To make matters worse, this campaign is highly convincing: the malware is hosted on sites that closely resemble the ones they impersonate.
One of the few clues that something is wrong is that the domain name in the URL is misspelled.
This technique is known as typosquatting: registering malicious sites on domain names that resemble official ones, so that a mistyped address lands the visitor on the attacker's copy instead of the real site.
In addition to TikTok, PayPal and Snapchat, the impersonated sites included Google Wallet, the design tool Figma, and unofficial Android app marketplaces such as APK Pure and APKCombo.
The threat was initially spotted by cyber intelligence provider Cyble, whose findings focused on fake Android websites and app pages. Cybersecurity news site Bleeping Computer later expanded on this, reporting that the same operators were also distributing Windows malware through a “huge” network of fake websites.
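The typosquatting pattern described above can be checked for mechanically: normalise a candidate hostname (digit-for-letter swaps, rn-for-m, hyphens, non-ASCII lookalikes), then compare its registrable name against a watch-list of brand domains by exact match, substring match and edit distance. The following is an added example written for this page, not code from Cyble, Bleeping Computer or NordVPN; the brand domains in `BRAND_DOMAINS` and the sample hostnames are assumptions constructed for the demonstration, and the simple "last two labels" rule for the registrable domain ignores multi-part public suffixes such as `.co.uk`.

```python
"""Typosquat detector (added example, not from the original article).

Flags hostnames that look like one of a small set of brand domains using
three tests, in order: exact normalised match (homoglyph swap or TLD swap),
brand name embedded in a longer label (e.g. secure-paypal.com), and a
bounded Levenshtein distance (dropped, swapped or transposed characters).
"""
from __future__ import annotations

import unicodedata

# Brands the article names; the .com domains are an assumption for the example.
BRAND_DOMAINS = {
    "paypal.com", "tiktok.com", "snapchat.com",
    "figma.com", "apkpure.com", "apkcombo.com",
}

# Characters attackers substitute because they read like the original.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Return the last two labels of a hostname (brand.tld).
    Assumption: single-label TLDs only; .co.uk-style suffixes are out of scope."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def normalize(label: str) -> str:
    """Fold a label to the ASCII letters it imitates.
    NFKD + ASCII encoding drops non-ASCII lookalikes (a Cyrillic 'а' simply
    disappears, leaving a one-character gap that the distance test catches);
    hyphens are removed and digit/letter-pair confusables are mapped back."""
    s = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode()
    s = s.replace("-", "")
    for fake, real in CONFUSABLES.items():
        s = s.replace(fake, real)
    return s


def classify(host: str, brands: set[str] = BRAND_DOMAINS,
             max_distance: int = 2) -> tuple[str, str | None]:
    """Return ("legitimate", brand), ("typosquat", brand) or ("unrelated", None)."""
    dom = registrable(host)
    if dom in brands:
        return "legitimate", dom
    norm = normalize(dom.split(".", 1)[0])
    best: tuple[int, str] | None = None
    for brand in sorted(brands):
        b_norm = normalize(brand.split(".", 1)[0])
        # Same name after normalisation (TLD swap or homoglyphs), or the
        # brand embedded in a longer label such as snapchat-login.
        if norm == b_norm or b_norm in norm:
            return "typosquat", brand
        # Allow fewer edits for short names so "figma" does not match "sigma".
        allowed = min(max_distance, len(b_norm) // 3)
        d = levenshtein(norm, b_norm)
        if d <= allowed and (best is None or d < best[0]):
            best = (d, brand)
    return ("typosquat", best[1]) if best else ("unrelated", None)


# Constructed sample hostnames for the demonstration (not observed data).
SAMPLE_HOSTS = [
    "paypal.com", "www.paypa1.com", "tiktok.net", "snapchat-login.com",
    "paypla.com", "figrna.com", "p\u0430ypal.com", "example.com",
]


def scan(hosts: list[str]) -> list[tuple[str, str, str | None]]:
    """Classify every hostname and return (host, verdict, matched brand)."""
    return [(h, *classify(h)) for h in hosts]


if __name__ == "__main__":
    for host, verdict, brand in scan(SAMPLE_HOSTS):
        print(f"{host:22} {verdict:11} {brand or ''}")
```

In practice the watch-list would be the organisation's own brands plus the third-party services it relies on, and the scan would be run over certificate-transparency logs or newly registered domain feeds rather than a hard-coded list; the substring test will also flag legitimate combinations (a real partner site that embeds the brand name), so treat a hit as a lead to verify rather than a verdict.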
Regarding the threat, Marijus Briedis, a cybersecurity expert at NordVPN, said that anyone using Android or Windows needs to “be on guard.”
That’s because these scams rely on easy-to-make mistakes, such as mistyping a web address, as the starting point for infecting a user’s device.
Briedis said: “Cyber attackers use typosquatting to try to profit from fingerprints and misspellings of well-known companies and tools on the internet. Bad guys can register multiple domains using slight variations of a company name like PayPal or TikTok and then impersonate this website and wait for unwary visitors to connect.
“While visiting the site itself may not cause any harm, these fake versions are likely riddled with malware — making Windows and Android users particularly vulnerable. They are set up to steal credentials from users who interact with them.
“To avoid the risk of falling for this scam, it’s worth using a search engine to find a website instead of typing it directly into the address bar. This should return the correct website name as a top hit, even if you spelled it wrong.”
Cyble also offered advice to help people protect themselves from this banking scam and others of its kind:
– Wherever possible and pragmatic, turn on automatic updates on your device
– Regularly monitor your financial transactions and contact your bank immediately if you notice any suspicious activity
– Use reputable antivirus and internet security software packages on devices such as your mobile phone, laptop and PC
– Do not open untrustworthy links and email attachments without verifying their authenticity