A new Android malware more powerful than its previous version is currently attacking Royal mail, app users. According to Computer Weekly's latest report, the newest version of FakeSpy Android, which was first identified in October 2017, is more dangerous and powerful. The new version targets users of different delivery and postal service apps globally, including Royal Mail, as stated by Ofir Almkias of Cybereason's Nocturnus threat research team.
Fake texts, generally a notification of a held packaged or missed delivery, are sent by the hackers in this particular malicious campaign, prompting the targets to download an Android application package that purports to be a download of the sender's app by luring them to click on a malicious link.
The victims of the new Android malware will see two pop-up messages, one to ignore battery optimization features and the other prompting them to give the malware permission to read an intercept every SMS sent to the device after it is installed and opened; even if the device is locked and the screen is off, the malware can still operate normally.
The new Android malware can exfiltrate data such as phone numbers, contact books, data related to any cryptocurrency or banking apps, and details of SMS messages. Any information that may contain authentication certificates related to mobile banking in the national public keys infrastructure (NPKI) folder is also included.