Over 750 cases of Android malware-related scams were reported in the first half of 2023, including 11 cases involving the unauthorised withdrawal of Central Provident Fund savings.
It’s so sad that we learned nothing since the early 2000s. “Please send me money here’s payment.exe” shouldn’t work anymore.
I do wonder how it gains these additional permissions, though. Overlay scams don’t work for (competently developed) banking apps, so the app needs to either have a system signature to bypass security mechanisms or root access.
Are they exploiting known vulnerabilities? 0days? Anyone have a link with more details about how the malware itself actually works?
It’s so sad that we learned nothing since the early 2000s. “Please send me money here’s payment.exe” shouldn’t work anymore.
I do wonder how it gains these additional permissions, though. Overlay scams don’t work for (competently developed) banking apps, so the app needs to either have a system signature to bypass security mechanisms or root access.
Are they exploiting known vulnerabilities? 0days? Anyone have a link with more details about how the malware itself actually works?