Security researchers from FireEye recently uncovered a new piece of Android malware that can mimic the look and feel of app interfaces from the likes of Uber, WhatsApp and Google Play. The malware reportedly struck first in Denmark and is now making its way through a handful of other European countries, including Italy, Germany and Austria.
According to researchers, the malware is spread via a basic yet cleverly deceptive SMS phishing scheme. When a user receives and subsequently clicks on an ostensibly legit link, the malware is downloaded and begins to monitor which apps are active and which apps are running in the background. What happens next is extremely clever: when a user attempts to use an app that the “malware is programmed to target”, the software overlays a fake user interface with “nearly identical credential input UIs as seen in benign apps.” In turn, the malware than asks unassuming users to enter in sensitive information such as their banking credentials or credit card information.