Phishing evolves beyond email to become latest Android app threat
Phishing has always been a multifaceted threat, but in the public perception it is usually tied to email. The stereotyped process is clear: a fraudster sends an email carrying a bogus message from a trusted company, which tricks the user into logging in to a fake web page and handing over their real login details. It is a classic piece of con artistry, and hopefully, after years of effort to promote cyber fraud education, most users are at least aware of the concept of email phishing. However, email is far from the only avenue a threat actor has to reach their targets.
Android phones, unlike tightly locked-down iOS phones, can install apps from outside their native app store with relative ease. There are advantages to this, but the major disadvantage is that it leaves them considerably more exposed to threat actors. Some threat actors exploit this openness through phishing apps. The basic idea behind a phishing app is the same as that behind a phishing email: trick the user into giving the threat actor their login information. Only the delivery method has changed.
These phishing apps take a few different forms. Some are copies of popular Android apps, such as TikTok, WhatsApp, or Spotify, which collect login information simply from users trying to log in to their favorite services. These copies are unlikely to be hosted on the Google Play Store and are most likely served through some form of malvertising. Other phishing apps may seem more legitimate, taking the form of ordinary video games or utilities that present users with bogus requests to connect a separate social media account in order to harvest those login details. A third kind, potentially more dangerous than the others, uses no programmatic code to retrieve the data at all. Instead, it simply redirects the user from the app to an attacker-controlled website that harvests the login data. This is more dangerous because such applications look innocuous enough to be hosted on the Google Play Store.
These applications may seem simple, but they are quite dangerous. In 2024 alone, more than 22,800 phishing apps were detected on Android. Of these, 5,200 had functionality that could subvert multi-factor authentication by intercepting SMS messages, and another 4,800 could attempt the same by reading data from the notification bar. These capabilities make phishing apps extremely dangerous. To reduce risk, it is highly recommended that users obtain apps only from the Google Play Store, which takes steps to prevent malware from being distributed there.
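The two MFA-bypass capabilities described above (intercepting SMS and reading the notification bar) both leave traces in an app's AndroidManifest.xml, which makes them useful triage signals for anyone vetting an APK. The following Python script is an added example, not code from the original article, showing how a reviewer could flag those declarations. It parses a manifest with the standard library only; the two manifests embedded in it are constructed samples, and the package names and `score_manifest` function are this example's own inventions.

```python
"""Flag AndroidManifest.xml declarations that would let an app read
one-time codes: SMS permissions / SMS_RECEIVED receivers and a
NotificationListenerService. Added example; the manifests below are
constructed samples, not real apps."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"

# Real Android permission / action strings relevant to OTP interception.
SMS_PERMISSIONS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
}
SMS_RECEIVED_ACTION = "android.provider.Telephony.SMS_RECEIVED"
NOTIFICATION_LISTENER = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"


def score_manifest(xml_text: str) -> dict:
    """Return the package name, declared permissions and a list of
    MFA-relevant findings for one manifest (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    perms = {e.get(NAME) for e in root.iter("uses-permission")}

    # Receivers whose intent-filter listens for incoming SMS.
    sms_receivers = [
        r.get(NAME)
        for r in root.iter("receiver")
        if any(a.get(NAME) == SMS_RECEIVED_ACTION for a in r.iter("action"))
    ]
    # A NotificationListenerService must be protected by this permission,
    # so its presence on a <service> is the tell for notification reading.
    listeners = [
        s.get(NAME) for s in root.iter("service")
        if s.get(PERMISSION) == NOTIFICATION_LISTENER
    ]

    findings = []
    if perms & SMS_PERMISSIONS:
        findings.append("sms-permission")
    if sms_receivers:
        findings.append("sms-receiver")
    if listeners:
        findings.append("notification-listener")
    return {
        "package": root.get("package"),
        "permissions": sorted(p for p in perms if p),
        "findings": findings,
    }


# Constructed sample: a flashlight utility that has no business reading SMS.
SUSPICIOUS_MANIFEST = f"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="{ANDROID_NS}" package="com.example.flashlight">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".SmsGrabber" android:exported="true">
      <intent-filter>
        <action android:name="{SMS_RECEIVED_ACTION}"/>
      </intent-filter>
    </receiver>
    <service android:name=".NotifReader"
             android:permission="{NOTIFICATION_LISTENER}"/>
  </application>
</manifest>"""

# Constructed sample: a game that asks only for network access.
BENIGN_MANIFEST = f"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="{ANDROID_NS}" package="com.example.puzzle">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""


if __name__ == "__main__":
    for manifest in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        report = score_manifest(manifest)
        print(report["package"], "->", report["findings"] or "no MFA-relevant findings")
```

A hit is a reason to look closer, not proof of malice: a genuine SMS client or a notification-mirroring tool legitimately declares the same things. The useful question is whether the declared capability fits the app's stated purpose, which is exactly the mismatch the flashlight sample exhibits. For an installed APK, the same check runs after pulling and decoding the manifest with a tool such as apktool.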