Job Scam Alert: Fake Recruiters Deploy Advanced Banking Malware Through Employment Offers

Banking Trojan Evolves: New Mobile Phishing Campaign Targets Job Seekers

Security researchers have uncovered a sophisticated mobile phishing campaign distributing an updated version of the Antidot banking trojan, now dubbed AppLite Banker. The operation primarily targets job seekers with fake recruitment offers, promising attractive compensation of $25 per hour.

The attack begins with fraudulent job listings, notably from a supposed Canadian company called Teximus Technologies, advertising remote customer service positions. Victims are directed to download what appears to be a CRM application, which serves as a dropper for the main malware.

Key Features of AppLite Banker:
– PIN/pattern/password theft capabilities
– Remote device control
– SMS message manipulation
– Call blocking and forwarding
– Keylogging functionality
– VNC remote access
– Credential theft for 172 banking and cryptocurrency platforms

The malware employs sophisticated evasion techniques, including ZIP file manipulation to bypass security measures. It requests Accessibility Services permissions and creates fake Google Play Store interfaces to appear legitimate.
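For triage of a suspicious APK, the following added example (not code from the article or the researchers) flags ZIP header inconsistencies that tend to break analysis tools. The article does not say which ZIP fields the dropper alters, so the checks are assumptions: an encrypted flag, a compression method other than stored/deflate, and local headers that disagree with the central directory. ZIP64 archives are not handled.

```python
import io
import struct
import zipfile

CEN = struct.Struct("<4s6H3L5H2L")   # central directory file header (46 bytes)
LOC = struct.Struct("<4s5H3L2H")     # local file header (30 bytes)
EOCD = struct.Struct("<4s4H2LH")     # end of central directory (22 bytes)

def zip_anomalies(data: bytes) -> list[str]:
    """Return findings for one archive (for example an APK) held in memory."""
    end = data.rfind(b"PK\x05\x06")
    if end < 0 or end + EOCD.size > len(data):
        return ["no end-of-central-directory record"]
    _, _, _, _, total, _, pos, _ = EOCD.unpack_from(data, end)
    findings = []
    for _ in range(total):
        if data[pos:pos + 4] != b"PK\x01\x02" or pos + CEN.size > len(data):
            findings.append(f"bad central directory entry at offset {pos}")
            break
        c = CEN.unpack_from(data, pos)
        cflags, cmethod, nlen, xlen, clen, loc = c[3], c[4], c[10], c[11], c[12], c[16]
        name = data[pos + CEN.size:pos + CEN.size + nlen]
        pos += CEN.size + nlen + xlen + clen          # advance to next entry
        label = name.decode("utf-8", "replace")
        if data[loc:loc + 4] != b"PK\x03\x04" or loc + LOC.size > len(data):
            findings.append(f"{label}: local header missing")
            continue
        h = LOC.unpack_from(data, loc)
        lflags, lmethod, lnlen = h[2], h[3], h[9]
        lname = data[loc + LOC.size:loc + LOC.size + lnlen]
        if (cflags | lflags) & 0x1:                    # general-purpose bit 0
            findings.append(f"{label}: encrypted flag set")
        if cmethod != lmethod:
            findings.append(f"{label}: compression method differs between headers")
        if cmethod not in (0, 8) or lmethod not in (0, 8):
            findings.append(f"{label}: compression method other than stored/deflate")
        if name != lname:
            findings.append(f"{label}: file name differs between headers")
    return findings

def constructed_sample(tamper: bool) -> bytes:
    """Constructed test archive; tamper=True sets the encrypted bit in the central directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
    raw = bytearray(buf.getvalue())
    if tamper:
        raw[raw.rfind(b"PK\x01\x02") + 8] |= 0x01     # flags field, low byte
    return bytes(raw)
```

An empty result does not clear a file; it only means none of these specific inconsistencies are present.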

The campaign targets users across multiple languages, including English, Spanish, French, German, Italian, Portuguese, and Russian. The malware prevents uninstallation and can manipulate device settings, including screen brightness and default applications.

Simultaneously, researchers have identified a separate campaign in Southern Asia utilizing the SpyNote trojan, targeting high-value assets, though no specific threat actor has been attributed to these attacks.

Security experts emphasize the importance of implementing robust protection measures against these sophisticated mobile threats to prevent financial and data losses.
