Russians are attacked by a banking Trojan disguised as a parcel tracker
Hackers have invented a new scheme for spreading a trojan, which became massively used in 2024. This was reported to Izvestia by Kaspersky Lab.
First, fraudsters create websites of non-existent wholesale stores with goods at extremely attractive prices. The contacts on the site include a link to a thematic closed Telegram chat. It says how to contact the manager. When the victim contacts the fake representative of the store, she is asked to specify the details of the recipient, and the order can be paid for allegedly upon receipt. In this way, attackers put the victim's vigilance to sleep, Kaspersky Lab explained.
After a while, a person receives a message that the order has been sent, the company continued. To track it, you need to download a special mobile application-tracker on the link sent by the manager. However, in reality, it leads to a phishing resource mimicking the official app store. Under the guise of a tracker, a person downloads a mobile banking trojan called Mamont.
This trojan requests access to messages and push notifications on the infected device, which are used to steal funds via SMS banking, explained Kaspersky Lab cybersecurity expert Dmitry Kalinin.
The scheme of spreading a trojan via an order status tracker application is especially dangerous in the days before New Year's Eve, when people actively buy gifts and outfits for the holiday, said Daria Verestnikova, commercial director of SafeTech. During this period, users usually have a lot of goods on various marketplaces and online stores, so they can simply let their guard down and download the malware.
Read more in Izvestia's exclusive article:
Don't track: Russians are attacked by a banking trojan disguised as a parcel tracker
Переведено сервисом «Яндекс Переводчик»
