Poisoned by link: cyber thieves have started creating clones of state applications
Pro-Ukrainian fraudsters are actively developing clones of official applications of state and municipal bodies and Russian banks. Malicious programs that visually imitate official resources are capable of paralyzing the work of a smartphone and stealing funds from the device owner's accounts. How criminals operate, how costly criminal software for developers and how to protect yourself from a cat in a bag - in the material "Izvestia".
Helped to understand
Organized crime spares no effort and money to create new tools for the remote theft of money from the accounts of Russians. In September, a 62-year-old resident of the capital reported to the police that through a message in messenger she was contacted allegedly by employees of the polyclinic and invited to fluorography. The woman explained that she had already undergone the procedure, but the interlocutor asked to perform several manipulations through the application "MinTsifra Russia", which the Muscovite had never used. Then the fraudster volunteered to help. After installing the application, which turned out to be malware, Ukronazi slogans and insults against the Russian leadership appeared on the phone's screen. Later the woman found out that the criminals managed to write off 5 thousand rubles from her account.
The Ministry of Finance officially told Izvestia that they do not have an application with such a name.
Another malicious program helped criminals to steal Br6.8 million from a 58-year-old resident of the capital. The attack began with an SMS with a hyperlink supposedly from the bank. The Muscovite clicked on it, after which malware was installed on his device. The message "Manager in the share" appeared on the screen. As a result, the attackers stole all the man's savings.
The press service of the Ministry of Digital Development, Communications and Mass Communications of the Russian Federation advised users to be vigilant.
"Fraudsters use social engineering methods to fraudulently force a person to self-report login details for a personal account of a banking application, mobile operator and other useful resources. In particular, they can create phishing resources that look very similar to real sites and applications. They do all this in order to get malware installed on your phone and gain access to your personal data," reads the response to Izvestia's request.
The agency also urges to pay attention to the developer and its rating, and to read reviews carefully when downloading applications in the marketplace.
According to the Russian Interior Ministry, from January to July 2024, 434,700 crimes committed with the use of information and telecommunication technologies were registered. The figure increased by 17.1% compared to last year's figure for the same period of time. Legal statistics recorded only 163 facts of creation, use and distribution of malicious computer programs (Article 273 of the Criminal Code of the Russian Federation), last year such crimes were detected almost twice less.
Criminals have long been using clones of popular applications for their purposes. Most often these are fake applications of credit organizations.
Security issues
The main recommendation is to download applications only from official sources, Alexander Vurasko, deputy director of Solar AURA, the Solar Group's external digital threat monitoring center, told Izvestia.
- If we are talking about banking applications or applications of state authorities, such sources are the official websites of banks and agencies, as well as official application stores. You should make sure that you are on the official resource.
The expert notes that fake programs sometimes appear even in official app stores, but the number of such cases is relatively small.
- We recommend using anti-virus software and checking what permissions the application requires during installation," says Vurasko. - And, of course, don't download and install applications from e-mail or SMS links.
According to Pavel Kuznetsov, Director of Strategic Alliances and Government Relations at Garda Group, applications should be installed only from trusted sources.
- Due to the restrictions on foreign app stores in Russia, as well as the blocking of official applications of many domestic organizations, such sources may be trusted sites of these organizations themselves, which is relevant for the financial sector. As well as application stores through which official versions of software are currently available.
Other sources for installation should be avoided, especially those that are imposed on a person by electronic messages of any format - from e-mail to SMS and messages in electronic messengers, the expert added.
The price of the attack
According to Pavel Kuznetsov, the crimes described above are phishing attacks in which the role of "bait" is played not by fake email details or a clone site, but by an application for a mobile device.
- Since the functions of such fakes are often limited to the screen for entering the data required by attackers to steal information (plastic card numbers, etc.), their development costs are minimal. In fact, such attacks have been and are being carried out with enviable regularity and are not new.
He recommends using anti-malware tools on mobile devices if the device and operating system manufacturer allows their installation.
