Last updated on August 13, 2019
Kaspersky Botnet Tracking System has detected a new wave of Wroba Trojan activity in Singapore. The Trojan uses infected devices to spread further by sending SMS messages with malicious links. Kaspersky experts saw the first traces of the still-ongoing wave on August 6th; it was aimed at users in Singapore and consisted of commands to send SMS messages to Singapore phone numbers. The cybercriminals tried to lure users with a parcel arrival notification that read ‘Your courier has been delivered. Please check and accept it in time’. The text was followed by a link to a site that looks like the legitimate site of a logistics company. When a user receives such an SMS and clicks the link, the site opens and the download of the Trojan begins.
Although Wroba is a Trojan for Android systems, if the user visits the site from an iOS device, the site displays a fake notification, “Your Apple Store account has been restricted for protection. Reauthentication is required.”, and redirects the user to a phishing site that asks for the user's Apple ID.
“Today, e-commerce is the postal service’s main growth driver. With e-commerce growing exponentially in Singapore, the post and parcel industry is being disrupted at a rapid rate, as delivery services embark on a process of digitalisation to reduce costs, as well as cater to changing consumer demands for up-to-date tracking and prompt delivery services. The Wroba Trojan incident serves as a reminder that the cybersecurity risks of the instant gratification culture remain real and close to home. There is a need for us to remain cautious and carefully scrutinize realistic-looking links before we click or provide any information. Having in place a set of robust security solutions can also help protect our devices against such cyberthreats,” says Yeo Siang Tiong, General Manager for South East Asia at Kaspersky.
After installation on the device, Wroba is able to, among other things:
- Send SMS
- Check installed packages
- Open web-pages
- Get files from folder related to financial transactions
- Steal contact list
- Call specified number
- Show fake phishing pages to steal victim’s credentials
Kaspersky products detect the threat as Trojan-Dropper.AndroidOS.Wroba.g.
More than 4,000 users have encountered Wroba since the start of the year, according to Kaspersky Security Network. The countries with the largest number of victims are the Russian Federation, Japan and India. Singapore is not on that list, which makes this SMS campaign interesting: it seems that cybercriminals are enlarging the pool of targeted countries, and we may see growth in the number of victims in Singapore.
To prevent this, Kaspersky recommends following these simple rules:
- Download applications only from official resources;
- If possible, disable the installation of applications from third-party sources in your smartphone settings;
- Do not click on suspicious links from unknown senders;
- Install a reliable security solution to protect your mobile device.