FakeSpy Targets Royal Mail App Users

An updated version of the FakeSpy Android malware family is actively targeting Royal Mail app users, according to Computer Weekly. Evolving rapidly, this new version of FakeSpy is significantly more powerful than previous iterations. Researchers from Cybereason’s Nocturnus have found that the malware’s developers are coding in new evasion and obfuscation techniques, and releasing new versions on a weekly basis. Having initially targeted Android users in Japan and South Korea, the malware has now begun are exploiting the brands of postal services companies in many other countries, including France’s La Poste, Germany’s Deutsche Post, and the US Postal Service, as well as Royal Mail in the UK. FakeSpy relies on smishing, such as fake notifications of a held package or missed delivery, to worm its way inside its victims’ devices.


EXPERTS COMMENTS
Niamh Muldoon, Senior Director of Trust and Security EMEA,  OneLogin
July 01, 2020
A key security requirement with the mobile workforce (which we now all are to a certain extent due to the COVID-19 restrictions) is identity.
The challenge for the individuals and organisations building delivery apps such as the ones targeted by the latest FakeSpy variation is building a process that enforces MFA without introducing too much end-user friction; balancing the risk and user-acceptance is key. For example, using an MFA solution that supports Adaptive Authentication with a variety of options ranging from hard tokens to mobil ....
[Read More >>]
Jake Moore, Cybersecurity Specialist,  ESET
July 01, 2020
You must always remain vigilant to any message received, as it’s not just phishing emails that contain dodgy links.
Fake texts from postal services work extremely well, as the victims expect an unknown number, and – even if they haven’t ordered something – they assume the message is genuine, clicking through to any given links. As more of us shop online than ever before, it is easy to lose track of the sheer number of parcels ordered, increasing the possibility of a slip-up. However, the security advice ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article