Marriage scam: scammers started sending viruses under the guise of wedding invitations

Fraudsters have started sending Android users viruses disguised as wedding invitations, experts warn. Attackers are using a new malicious program that steals personal data. Details - in the material "Izvestia".

What is known about the new scheme of fraudsters with wedding invitations

About the next scenario of fraudsters told the experts of the team Kaspersky GReAT (Global Center for research and analysis of cyber threats "Kaspersky Lab"). The experts found out that the attackers are using the Tria Trojan - a previously unknown styler program that steals data from SMS, popular messengers and e-mail on infected smartphones.

Photo: Izvestia/Mitriy Korotayev

At the moment, such attacks have been recorded in Asian countries, but experts emphasize that users from other regions, including Russia, may encounter a similar scheme. Attackers spread Tria through personal and group chats in messengers. They send potential victims a wedding invitation and ask them to install an APK file to view it.

In reality, the person downloads the malware. The malware masquerades as a system settings application, so the device owner may not notice anything suspicious. During installation, the virus asks for the user's phone number and permissions, which allow access to sensitive data and functions on the infected smartphone. And one of the detected versions of the Tria styler differs in that it gives attackers the ability to read victims' private messages in messengers and emails.

Why attackers have turned to wedding themes

As part of the new wedding scheme, attackers steal messenger accounts to distribute the Tria styler on behalf of the victim among their contacts and send them messages asking them to transfer money, says Dmitry Galov, head of Kaspersky GReAT Russia.

Photo: IZVESTIA/Sergey Lantyukhov

- Sending electronic invitations to weddings and other events has become commonplace," says the specialist. - Fraudsters know this and take advantage of the low digital literacy of users who are willing to download dubious applications supposedly to view images or videos from messengers.

People associate weddings with positivity, which means that most people will open the invitation at least out of curiosity, without thinking, says Alexandra Shmigirilova, GR-director of the IS-company "Security Code". Only friends and relatives are called to the wedding - the so-called inner circle. It is initially more trustworthy, so even if a person is not expecting any invitations, he can open the file to understand what his friend or relative is talking about.

The specialist adds that the wedding theme is often used by fraudsters, because everything associated with this celebration requires significant costs. For example, fraudsters can under the guise of any company (catering, wedding organization, decoration of the premises, outfits) to offer their services at a lower price or with greater efficiency.

Photo: Izvestia/Eduard Kornienko

- In an understandable desire to save money, newlyweds can be seduced by the promises of fraudsters, transfer the prepayment and lose money, because after that the swindlers stop contacting, - says the expert.

Most often, attackers use phishing emails asking to confirm participation in the wedding banquet, attached malicious files disguised as photos from the wedding or videos or links to phishing sites masquerading as wedding sites or online stores with gifts for newlyweds, adds Marina Probets, Internet analyst and expert at Gazinformservice. In general, fraudsters constantly use the festive atmosphere and emotional involvement of victims, emphasizes the expert.

What are the dangers of wedding fraud schemes

Wedding schemes of swindlers are designed for a wide audience, but with a certain focus, says Marina Probets. First of all, people who have connections with potential newlyweds - their friends, relatives or colleagues - may be in the crosshairs of scammers. The target audience may also be active users of social networks, where such invitations are easily distributed.

- The age range is quite wide: it includes both young people and older people, who may be less experienced in recognizing cyber threats," says the Izvestia interlocutor. - At the same time, there is usually no geographical limitation to such schemes, as they are distributed online.

Photo: Izvestia/Zurab Javakhadze

In general, fraudsters target those who tend to trust messages received from acquaintances and who are not careful enough when working with digital files and links, the expert emphasizes. If attackers gain access to data from the victim's device, they have a large amount of information at their disposal - from SMS, messengers and other communication applications, adds Alexandra Shmigirilova.

Given the popularity of Telegram, where many users send even scans of documents, attackers have a huge number of options for further fraudulent actions. In addition, many smartphones now have programs with personal accounts of banking applications, through which the owner of the phone gets access to their finances in banks. The account credentials of such applications can also fall into the hands of attackers.

- There is another major threat - all sorts of schemes to swindle money under the pretext of a wedding gift, - says Nikita Leokumovich, Head of Digital Forensics and Cyber Intelligence at Angara SOC.

How to protect yourself from wedding-themed fraud schemes

Protection from wedding fraud schemes requires care and caution, says Marina Probets. First of all, the expert advises not to open attachments and do not follow links in suspicious messages, even if they look like invitations from acquaintances. Check the sender of the message, paying attention to minor discrepancies in the name or address.

- Do not install applications from unverified sources and always check the permissions requested by the application before installation," Izvestia's interviewee recommends. - Use reliable antivirus software and update it regularly.

Photo: Izvestia/Mitriy Korotayev

It is also worth remembering that real wedding invitations rarely contain links or request personal data. If the user is not expecting an invitation to the wedding, it is best to ignore such a message: it is unlikely that a loved one would not have warned about it in advance, adds Alexandra Shmigirilova.

However, even if the invitation comes from a user from the contact list, before opening it, it is better to reinsure yourself and call the sender. It seems to be a kind of paranoia, but this is exactly what the fraudsters are counting on - that a person will not be too vigilant when a close person writes to him, the expert concludes.