Some sports fans might want to see the Sochi Olympics from their Android mobile devices. Cybercriminals are aware of this, so they’ve started sending out spam emails that advertise what appears to be a live streaming app.
The emails are entitled “Olympic live stream in Sochi” and they contain a link to a website that hosts an application file called “olympic.apk.”
In reality, this is a banking Trojan identified by Kaspersky as HEUR:Trojan-SMS.AndroidOS.FakeInst.fb. Once it’s installed on a device, the threat contacts a C&C server, and sends it various pieces of information collected from the phone, including contacts.
Then, the malware sends an SMS with the text “BALANS” to a special number of a Russian bank. If the victim is the bank’s customer and uses the company’s mobile service, he/she receives a message with the account balance.
This is where the “fun” starts. The Trojan intercepts all messages so that the victim doesn’t know what’s going on. In the meantime, cybercriminals can transfer up to 10,000 rubles ($285 / €207) from the victim’s account to their own.
The bank in question has not been named by Kaspersky. However, it has been chosen by the cybercriminals because it offers customers mobile banking services which they can abuse.
“Social engineering has always posed a danger. Users should be especially careful during major world events. At the very least, avoid clicking links sent in messages by people you don’t know. There’s always a risk that you’ll fall into a trap and lose quite a bit of money,” Kaspersky Lab Expert Roman Unuchek noted in a blog post.
Check out Kaspersky’s blog for additional details on HEUR: Trojan-SMS.AndroidOS.FakeInst.fb and some recommendations on how to avoid falling victim to such attacks.