Fake Job Offers Lead to Banking Trojan in New Phishing Scam

Cybersecurity experts have uncovered a new phishing scam targeting mobile users, using fake job offers to spread a banking trojan. The attackers pose as recruiters and lure victims with offers of high-paying jobs, such as customer service positions. Once a victim engages with the fake recruiter, they are prompted to download a malicious app disguised as part of the hiring process.

This app is a dropper that installs an updated version of the Antidot banking trojan, now referred to as AppLite Banker by mobile security researchers. The trojan has enhanced features, including the ability to steal users’ PINs, passwords, or unlock patterns and to remotely control infected devices. Additionally, it can record keystrokes, steal SMS messages, and track phone calls.

The phishing scam has become more sophisticated, with attackers using fake domains and cleverly designed apps to avoid detection. These apps disguise themselves as CRM software, asking users to download updates to “protect” their phone. However, the update is actually malware. Once installed, the trojan can also install overlays to steal credentials from 172 banks, social media accounts, and cryptocurrency wallets, making it a major threat to users.

The attackers target users in several languages, including English, Spanish, and Russian, which further expands the scope of the scam. This widespread targeting makes it crucial for users to stay alert, especially when receiving unsolicited job offers or downloading unknown apps.

To protect yourself from such phishing scams, always be cautious about job offers from unknown sources. Never download apps from unfamiliar websites, and ensure that your device’s security settings block installations from third-party sources. Keep your Android system updated, and activate security features like Google Play Protect. Additionally, avoid clicking on suspicious links and always verify job offers before engaging.