SecurityBrief Canada - Technology news for CISOs & cybersecurity decision-makers

Android users targeted by fake wedding invitation malware

Yesterday

Kaspersky's Global Research and Analysis Team has identified a malicious campaign that has been targeting Android users through fraudulent wedding invitations.

The malware, referred to as the Tria Stealer, is disguised as a legitimate application and exploits permissions to obtain sensitive data from victims. It forwards text messages and emails, hijacks WhatsApp and Telegram accounts, and requests one-time passwords (OTPs) for access to various online services.

Android device users may install applications directly via APK files, circumventing official app stores such as Google Play. This method, while sometimes convenient, can be exploited by cybercriminals to disseminate malware, Kaspersky said. The Tria Stealer is being distributed in APK format through Telegram and WhatsApp chats using social engineering tactics that invite users to a fake wedding.

Upon installation, the malware requests permissions that grant access to sensitive functions, such as reading text messages and call logs and monitoring network activity. It can also display alerts, run background operations, and restart automatically. The application masquerades as a system settings app, using a gear icon to appear authentic.

Kaspersky said users are asked to provide their phone numbers, which the attackers capture alongside device-specific information. The information is conveyed to the attackers using Telegram bots.

Fareed Radzi, Security Researcher with Kaspersky GReAT, stated, "This malicious application has been named 'Tria Stealer' by Kaspersky based on unique text strings found in the campaign's samples. Our investigation suggests that this stealer is likely operated by Indonesian-speaking threat actors, as we found artifacts written in Indonesian, namely several unique strings embedded in the malware and the naming pattern of the Telegram bots that are used by the attackers."

Radzi continues, "Stealers can inflict serious financial losses and privacy breaches, and it's very important for individuals and corporate users to always be on alert and avoid blindly following requests that they get online, even if these come from someone they know."

Founded in 1997, Kaspersky is a global cybersecurity and digital privacy company with more than a billion devices protected to date from emerging cyberthreats and targeted attacks.

Kaspersky has offered guidance to prevent falling victim to such mobile threats. They recommend downloading apps exclusively from official stores like the App Store, Google Play, and Amazon Appstore, where apps undergo checks and filtration. Users are advised to scrutinise app permissions diligently before granting them, particularly for high-risk permissions such as message reading. The use of reliable security solutions is also encouraged to detect and manage malicious applications effectively.
