A new study, whose report is expected to leave people stunned, has unearthed a huge cybercriminal conspiracy to defraud Android users. Developers created more than 100,000 malicious apps for OTP theft, allowing for cheating on online transactions and account checking. This complex operation, effective since February 2022 at the latest, has allowed cybercriminals to initiate a wide supply of apps on the Google Play Store, whose apparent purpose is to secretly steal OTPs in the received SMS messages.
When the viruses are on the computer of an unwary user, the apps silently look for incoming text messages containing OTPs from various online services. These codes are then exfiltrated to the threat actors, who then gain unlawful control of the victim’s account. The scope of the activity is truly impressive, and a significant number of applications that were detected during the study had never been seen before and could not be installed via official marketplaces. The targeted brands are from finance, e-commerce, and social media platforms, thus possibly affecting millions of users, leading to monetary loss and identity theft.
The best way to shield oneself from this threat is to be very careful every time one installs an application from any source, including the official app store. Be sure to use secure passwords and, if possible, use two-factor authentication where the company has allowed it. It is also important to always update your device and the applications on it with new security patches and regularly use genuine antivirus and anti-malware software for your device. Nowadays, we note that threat actors are getting more creative, and hence, it is crucial to remain vigilant while practicing security measures.
