How a Malicious App Spreads via the Official App Store
A phishing attempt targeting customers of Nexi SpA, the Italian Pay Tech of digital payments.
Phishing attempts are increasing at an exponential rate with the advancement of the digital age. Phishing aims to steal money or valuable personal information, such as banking details and identity, by building websites that pose as legitimate ones. Of the several kinds of phishing techniques, phishing via app is the one currently identified.
There has been a recent attempt to target customers of Nexi SpA, the Italian Pay Tech of digital payments. The campaign used domains containing the word “Nexi”, e.g. Nexi[ . ]shop and Nexi[ . ]club, and a phishing SMS with detailed information. Although it is unusual for the phisher to provide a text message and a link in the hope that the user will click, in this case the message is full of seemingly legitimate information and details. Once victims click the link, they are diverted to a phishing portal that requires them to provide the e-mail address of their Nexi account, their password and their credit card details.
The victim is then guided to install a security app from a third party. Once the security app is downloaded, it asks for permission to access the victim’s personal information, such as SMS notifications.
In a tweet, Andrea Draghetti, the head of Threat Intelligence, reported this incident occurring in verified app stores.
And so they managed to get a malicious app approved in the Google Play Store and in the Huawei App Gallery!
😢 These phishers are getting more and more ingenious! #Phishing #Android #PlayStore #AppGallery https://t.co/ie5PdAyy4f
— Andrea Draghetti 👨🏻💻 🎣 (@AndreaDraghetti) June 3, 2022
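The lure domains described above put the brand name on an unrelated registration, so a mail or SMS gateway can triage message text for them. The following is an added example, not code from the original article: the allowlist entry `nexi.it`, the token heuristic and the sample message are assumptions made for illustration.

```python
import re

BRAND = "nexi"
# Assumption: domains the brand really operates; maintain your own allowlist.
LEGIT_DOMAINS = {"nexi.it"}

# Defanged dots as written in reports: "[ . ]", "[.]", "(.)".
_DEFANG_DOT = re.compile(r"\s*[\[\(]\s*\.\s*[\]\)]\s*")
_HOST = re.compile(
    r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}\b", re.I
)

def refang(text):
    """Turn defanged dots back into plain dots so hostnames can be parsed."""
    return _DEFANG_DOT.sub(".", text)

def extract_hosts(text):
    """Return the unique, lower-cased hostnames found in a message."""
    return sorted({h.lower() for h in _HOST.findall(refang(text))})

def is_legit(host):
    """True only if the host IS an allowlisted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)

def uses_brand(host):
    """Triage heuristic: a label token starts or ends with the brand name."""
    tokens = re.split(r"[.-]", host)
    return any(t.startswith(BRAND) or t.endswith(BRAND) for t in tokens)

def flag_lookalikes(text):
    """Hosts that use the brand name but sit outside the allowlist."""
    return [h for h in extract_hosts(text) if uses_brand(h) and not is_legit(h)]

# Constructed sample message; the first two domains are the ones named above.
SAMPLE_SMS = (
    "Nexi alert: your card is blocked. Verify at hxxps://nexi[ . ]shop/verify "
    "or nexi[.]club. Official help: https://www.nexi.it/assistenza. "
    "Mirror: www.nexi.it.login.example, unrelated: connexion.example"
)

if __name__ == "__main__":
    for host in flag_lookalikes(SAMPLE_SMS):
        print("suspicious:", host)
```

The allowlist check matches on the end of the hostname, so a host that merely embeds the real domain as a prefix (`www.nexi.it.login.example`) is still flagged, while `connexion.example`, which only contains the letters "nexi", is not.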