Oasis Ticket Sales Scams: How to Stay Safe
During our weekly meetings with the banking industry and Police Scotland, we continue to see a significant increase in ticket scams over the last three…
Copybara: An On-Device Fraud Malware Campaign Targeting Android Users
In recent weeks, cyber security researchers have found a concerning Android malware campaign dubbed “Copybara.” This campaign represents an escalating trend in on-device fraud, where malicious software directly compromises victims’ devices to facilitate unauthorised financial transactions.
Copybara’s Functionality
Copybara is an Android trojan that primarily spreads through malicious applications distributed via third-party app stores. Upon installation, the malware seeks to obtain device administrator privileges, granting it elevated control over the infected device. It then employs overlay attacks, displaying fraudulent login screens or prompts to trick users into divulging sensitive information.
The malware’s primary objective is to hijack legitimate financial applications and initiate unauthorised transactions, enabling cybercriminals to siphon funds directly from victims’ accounts or digital wallets.
Attack Vector and Techniques
Researchers have identified several stages in Copybara’s attack chain:
- Delivery: Malicious apps masquerading as legitimate offerings are distributed through third-party app stores.
- Persistence: The malware gains device administrator privileges for persistent access.
- Overlay Attacks: Fake login screens and prompts are displayed to harvest credentials and sensitive data.
- Application Hijacking: Legitimate financial apps are hijacked to initiate unauthorised transactions.
- Data Exfiltration: Stolen funds and sensitive data are exfiltrated to attacker-controlled servers.
Copybara’s operators have also been observed leveraging social engineering tactics, such as impersonating legitimate entities or services, to further deceive victims.
Mitigating the Threat
To reduce the risk of falling victim to Copybara and similar on-device fraud campaigns, users should:
- Avoid downloading apps from untrusted third-party sources.
- Exercise caution when granting permissions, especially device administrator privileges.
- Keep devices updated with the latest security patches.
- Consider installing reputable mobile phone/tablet security solutions to detect and prevent malware infections.
- Regularly monitor bank and building society accounts for unauthorised activity.
If a device is suspected of being compromised, users should immediately change their login and security details, notify their banks for advice, and if necessary, seek professional assistance for device remediation. When updating usernames and passwords for bank accounts, do not use the device suspected of being infected, do this on a different phone or laptop for example.
The Copybara campaign underscores the growing sophistication of mobile malware and the need for heightened vigilance and proactive security measures to protect against on-device fraud and other emerging threats.
Related links
https://securityonline.info/copybara-fraud-campaign-leverages-on-device-fraud-and-social-engineering-tactics/ https://www.cleafy.com/cleafy-labs/on-device-fraud-on-the-rise-exposing-a-recent-copybara-fraud-campaign?_hsmi=292399610&_hsenc=p2ANqtz-8iMcpUI5-iz6hctNPR69gA3oitZHm54bqtbxXLz3vyR6eaPkHib0tDWUj61c4GPU1c1-kVW1aSywQsC-7-1gwooLcEYyGMDZaLJd0dFbDsChhwkoA
Related articles
Alert: Unpatched Microsoft Office Vulnerability Exposes NTLM Hashes
Microsoft has recently disclosed a significant security vulnerability affecting multiple versions of its Office suite, including Office 2016, Office 2019, Office LTSC 2021 and Microsoft…
Public Alert: Windows 11 End of Support – Action Required
Microsoft has issued an important reminder that multiple editions of Windows 11 will reach the end of their support lifecycle on 8 October 2024. This…