A new cyber attack has targeted Android users, using a clever phishing scheme that disguised malicious applications as trial opportunities for ChatGPT tools and Meta advertising.
Fraudulent emails, which appear to be legitimate invitations, come from a genuine Google address, increasing the likelihood that users will trust them.
A new phishing attack for Android disguises malware as a ChatGPT beta test
Cybercriminals have sent invitations that look like invitations to test beta versions of applications, but by clicking on the provided links, users end up installing malicious APK files, which bypass the entire Google review process by being downloaded outside of the Play Store.
Once installed, the applications present a Facebook login screen, asking users to enter their credentials, which allows attackers to take control of Facebook accounts and access sensitive information.
This attack is considered a continuation of a previous campaign that had already affected iOS users through fake applications in the App Store. SpiderLabs researchers have identified several malicious domains, such as thcsmyxa-nd[.]com and moitasec[.]com, that support this operation and must be blocked immediately.
Users are advised to be cautious of unsolicited app trial invitations and to ensure that they only download from the Google Play Store. Additionally, network administrators should take steps to block identified malicious domains and ensure that work teams are informed about this specific form of social engineering that could affect a large number of people.