Cybercriminals are opportunists.
Taking advantage of a vast government SMS communication campaign to encourage the installation of the TousAntiCovid application, they have mounted a worrying phishing operation in recent days, as our colleagues from Numerama have spotted.
To do this, the hackers copied and pasted the official SMS to the nearest comma.
But they put a link there to a download site for a fake app for Android smartphones.
“The message is sent by a Gouv.fr sender and displays a URL address with a questionable link which should put the chip in the ear.
This is the only way to distinguish it from the official SMS ”, underlines Thomas Gayet, director of technical audits at Digital Security (Atos) who analyzed the attack.
The victim who opens this link, is then redirected to a malicious site (taken offline this Friday afternoon) which invites to install a fake TousAntiCovid application without going through the official PlayStore applications store.
This version contains malware that is well known to cybersecurity professionals because it is formidable.
“This is an improved version appeared last January of a banking malware that steals all personal data and codes typed in applications.
It is even capable of intercepting authentication SMS sent by banks to confirm purchases, ”explains the specialist.
It works particularly well on Android smartphones released over 3 years ago because manufacturers now block the installation of third-party applications by default.
Newsletter - Most of the news
Every morning, the news seen by Le Parisien
I'm registering
Your email address is collected by Le Parisien to enable you to receive our news and commercial offers.
Learn more
IPhones are not affected because it is impossible to install an application without going through the official channel of the App Store.
🔴 Warning: phishing attempt in progress on Android
The @gouvernementFR SMS campaign has ended since Wednesday.
👉 Check the URL, it should end with https://t.co/JqY3MDKEo9
👉 Install the #TousAntiCovid application from: https://t.co/ctkqNTIb7m
- TousAntiCovid (@TousAntiCovid) December 4, 2020
If you have already downloaded the application, all is not lost because the malware will ask you for permissions which should still raise doubts step by step.
A low cost scam
Most disturbing is how easy it is for cyber criminals to mount such a campaign.
"They take a large package from an operator outside Europe to send thousands of SMS for a few hundred euros," laments Jean-Michel Henrard, the boss of Dust Mobile which provides secure SIM cards.
"Other more technical hackers attack the poorly protected SMS sending system of a legitimate actor and use it as a gateway for their fraudulent operation," he notes.
Out of millions of 06 contacted, it is therefore enough that a hundred victims bites the hook to make profitable this infiltration of smartphones which contain all our personal data.