Some Vietnamese users have lost billions of dong due to installing counterfeit software.

As VietNamNet previously reported, a representative from the Information Security Department of the Ministry of Information and Communications stated on July 5th that, over the past week, a campaign has been rampant on the Vietnamese internet, tricking people into installing fake government and General Department of Taxation apps.

According to analysis by experts from the Information Security Department, in the scam campaign involving malicious “.apk” apps impersonating the General Department of Taxation and the aforementioned government apps, the perpetrators used nearly 195 different systems to deceive people.

On the evening of July 7th, along with updating information on the increasing number of users whose bank accounts have been compromised due to downloading and installing fake software, expert Vu Ngoc Son, Technical Director of NCS Company, also explained how malware can help hackers remotely control and execute money transfer orders on the victim's phone.

Specifically, according to expert Vu Ngoc Son, typically, each application on a phone is given a "sandbox" by the operating system for execution. This prevents one application from reading data or interfering with the operation of other applications. This highly secure design ensures that even if the phone is infected with malware, the malware cannot steal data from applications on the device.

However, a Google design in Android called Accessibility Service, intended to help visually impaired or mobility-impaired users use smartphones, has been exploited by hackers. Hackers used Accessibility Service to program malicious code that could read content and interact with other applications. This breached Google's "sandbox" security design.

Although Google quickly recognized the danger of Accessibility Services by removing almost all apps that used this permission from Google Play, hackers once again found a loophole: distributing software on unofficial marketplaces – where Google's censorship measures are ineffective.

"This is also why malware that steals money from bank accounts in recent cases in Vietnam is not available on Google Play, but is instead uploaded via direct download links for .apk files. In this way, scammers trick users into granting access permissions to the fake application. Once permission is granted, the fake application can lie dormant like a spy, collecting information, even controlling banking applications, entering account numbers, passwords, and then OTP codes to transfer money," expert Vu Ngoc Son analyzed.

Based on "decoding" the operating mechanism of malware installed in fake government and tax-related applications, expert Vu Ngoc Son recommends that users be wary of requests to install software, especially on Android devices, during this time. In particular, absolutely do not grant Accessibility permissions. No applications from banks, tax authorities, or any other agency request this permission.

Sharing more about the scam method of defrauding users by tricking them into installing fake apps containing malware, experts from NCS Company assessed that this is not a new form of attack; hackers often impersonate an agency or organization to trick users into installing fake applications on their phones.

Furthermore, these fake applications currently only work on the Android operating system, and the download links are located outside the Google Play Store. iPhones currently do not allow installation from sources outside the Apple Store, so they are not vulnerable to this type of attack.

To avoid this scam, experts advise users to pay attention to a few principles: For Android phones, only install applications by going directly to the Google Play Store and searching for the corresponding software there. Similarly, for iPhones, users should only install from the Apple Store.

Furthermore, users should not click on links received via text messages. In case of doubt, users should verify the information with the relevant agency or organization through the officially published phone number.

(Source: Vietnamnet)