Even five years after Lookout and Citizen Lab discovered it, advanced mobile spyware Pegasus remains highly relevant as revelation of its widespread usage and evolving capabilities — such as the ability to deliver zero-click attacks — continue to surface.
Security researchers at the Lookout Threat Lab have identified over 170 Android apps, including 26 on Google Play, scamming people interested in cryptocurrencies. Many of them available globally, these apps advertise themselves as providing cloud cryptocurrency mining services for a fee. After analyzing them, we found that no cloud crypto mining actually takes place.
This campaign is the latest example of how attacks are leveraging various mobile-targeting methods to maximize their return. FluBot is a cheap but highly customizable baking trojan. SMS phishing takes advantage of the trust we put on our mobile devices. By fusing the two together, the attacker has created a dangerous apparatus that puts your personal and organizational data at risk.