Hackers are posing as job seekers and distributing a dangerous banking Trojan to steal your money.

Looking for a new job is already a difficult process by itself, but now hackers are trying to make things even harder for prospective job seekers by infecting their phones with banking Trojans designed to target the financial apps and services they have installed on their devices.

As reported by The Hacker News, cybersecurity researchers have discovered a new mobile phishing campaign used to distribute an updated version of the Antidot banking Trojan. Codenamed AppLite Banker by mobile security firm Zimperium, which first discovered the new campaign, the malware is able to steal victims' PINs in order to remotely take over their smartphones. This banking Trojan specifically targets 172 banking, financial, and crypto apps, using an overlay attack to obtain credentials when users attempt to log into these apps.

Here is everything you need to know about the AppLite Banker Trojan, plus tips and tricks to stay safe from hackers during your next job search.

In a new blog post, Zimperium's zLabs team explains that the hackers behind this campaign pose as recruiters and HR professionals (as seen in a similar Windows-based campaign this summer) to lure potential victims with job offers. Worse, they pretend to be well-known organizations, including Euskatel, Eminic, Distributel, and Oasis, and use carefully crafted emails to avoid suspicion.

The hackers also promise victims $25 per hour to accept the offer. If a job seeker falls for this initial email, they are directed to a malicious landing page where they can continue the application process or schedule an interview. However, the page manipulates the job seeker into downloading a CRM (customer relationship management) app for Android. While the app itself appears legitimate at first glance, it is actually a malware dropper that is used to deploy a major payload to the device.

To circumvent the best Android antivirus apps, this fake app uses a number of obfuscation techniques, such as manipulating the ZIP file structure and Android manifest file. These techniques render antivirus apps and other anti-malware tools ineffective and allow malware to take control of vulnerable Android devices.
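A structural check that analysis tooling can run on a sideloaded APK, added here as an example and not taken from the article or from Zimperium: it compares each ZIP entry's central directory record with its local file header and reports disagreements. The article does not say which fields the dropper alters, so the specific checks (encryption flag, compression method, entry name) and the function names are assumptions, and both sample archives are constructed in the code.

```python
import io
import struct
import zipfile

EOCD = struct.Struct("<4s4H2IH")    # end of central directory record (22 bytes)
CDH = struct.Struct("<4s6H3I5H2I")  # central directory header (46 bytes)
LFH = struct.Struct("<4s5H3I2H")    # local file header (30 bytes)

def zip_anomalies(data: bytes) -> list[str]:
    """Return structural inconsistencies found in a ZIP/APK byte string."""
    pos = data.rfind(b"PK\x05\x06")
    if pos < 0:
        return ["no end-of-central-directory record"]
    _, _, _, _, count, _, cd_off, _ = EOCD.unpack_from(data, pos)
    findings, off = [], cd_off
    for _ in range(count):
        if data[off:off + 4] != b"PK\x01\x02":
            findings.append(f"bad central directory signature at {off}")
            break
        f = CDH.unpack_from(data, off)
        flags, method, nlen, xlen, clen, lho = f[3], f[4], f[10], f[11], f[12], f[16]
        name = data[off + 46:off + 46 + nlen]
        label = name.decode("utf-8", "replace")
        off += 46 + nlen + xlen + clen
        if data[lho:lho + 4] != b"PK\x03\x04":
            findings.append(f"{label}: local header missing at {lho}")
            continue
        loc = LFH.unpack_from(data, lho)
        lflags, lmethod, lnlen = loc[2], loc[3], loc[9]
        if (flags | lflags) & 0x1:  # bit 0 marks an encrypted entry
            findings.append(f"{label}: encryption flag set")
        if method not in (0, 8) or lmethod not in (0, 8):  # stored / deflate
            findings.append(f"{label}: unexpected compression method")
        if method != lmethod:
            findings.append(f"{label}: method differs (central {method}, local {lmethod})")
        if data[lho + 30:lho + 30 + lnlen] != name:
            findings.append(f"{label}: name differs between headers")
    return findings

def constructed_samples() -> tuple[bytes, bytes]:
    """Build a clean archive and a copy with one local header altered (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>" * 20)
        z.writestr("classes.dex", b"dex\n035\x00" * 20)
    clean = buf.getvalue()
    tampered = bytearray(clean)
    struct.pack_into("<H", tampered, 8, 0x1234)  # method field of the first local header
    return clean, bytes(tampered)
```

An archive whose two header copies disagree is worth flagging even when a scanner's ZIP library fails to open it, since that parsing failure is how such files slip past inspection.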

When this malicious app loads for the first time, an account creation page is displayed. After creating an account and logging in, you are told that you need to install an “update” in order for the app to function properly. But as you may have guessed, this update is actually the AppLite banking Trojan.

Clicking the “Update” button in the app displays a fake Google Play Store icon to reassure the user before the malware is installed on the phone. Like other Android malware, AppLite exploits Android's accessibility service permissions and grants itself more permissions, which are also used for overlay attacks launched by the malware.

Once installed on one of the best Android phones, AppLite lets hackers initiate all kinds of commands: opening keyboards, unlocking devices, downloading text messages, uninstalling apps, sending push notifications and more.

Just like any other day on the Internet, when you are looking for your next job, you need to be extra careful when it comes to who and what you interact with online.

In this case, the victim should have been very careful about the recruiter and why they contacted them out of the blue in the first place. Were they actively looking for a job? Had they submitted their resume to the job site? If not, then an email with an offer like this would definitely seem like overkill. However, if their job search was not going as planned and they had been looking for a while, they might be more likely to let their guard down and head to the sites mentioned in the initial email.

That said, if you have to sideload an app to apply for a job, that's a big red flag. An actual company would tell you to download the app from the Google Play Store or the App Store. I can understand if a company wants you to download Zoom or some other popular work tool, but it's unlikely they'll let you download their own in-house app.

When looking for a new job, stick to trusted, well-known job sites like Indeed, Monster, ZipRecruiter, and LinkedIn. From there, be wary if they ask you to download a file or especially an application. Most job applications and hiring is done through web portals, so there is no need to download them in the first place.

According to my contacts at the search giant, Google Play Protect protects against known versions of AppLite. Likewise, you should also consider using the best identity theft protection services to recover lost funds and your identity after being caught up in such a campaign.

Hackers love to target vulnerable people, and anyone who is actively looking for a new job after being fired or laid off certainly fits the bill. Their ability to spot phishing emails and scams may give them an edge over other candidates.
