Spyware VN84App found attacking Vietnam mobile users
More than 300 users became victims in a short period of time. Illustrative. Photo: vietgiaitri.com
The spyware can penetrate a smartphone to monitor and steal sensitive information like OTP codes and private messages of owners.
BKAV said VN84App is spread via fake websites of State agency including the site of the Ministry of Public Security.
When netizens access these websites, they are instructed to download a mobile phone application with the .apk extension. Upon successful installation, VN84App will silently collect confidential data including messages, phone numbers, IMEI information to send to the hacker’s server.
The spyware monitors users’ private SMS when it requests the right to become the default message delivery on the phone. It also asks for the right on other features of the phone like accessing the call history and phonebook.
The cybersecurity firm discovered the stolen data are sent to a Command & Control server at the IP address of 18.104.22.168, with two service portals of 22 and 80. The latter one, at http://22.214.171.124, has a Chinese interface and mostly aims at hefty bank transactions of billions of Vietnam dong.
Nguyen Van Cuong, Head of Bkav’s analysis team, suggested mobile phone users to increase their awareness about calls from strangers with unknown origin, to not blindly follow any instruction of such people, and to properly install anti-virus apps for full protection of their devices.