Android smartphone users are being warned to be aware of a new ‘missed delivery’ message designed to steal personal details.
Researchers from Cybereason have flagged up a new type of malware called FakeSpy that can hack key personal information.
The malware was first detected by Android users in South Korea and Japan. But it is now being used against people around the world, including in the UK, US, China, Taiwan, France, Switzerland and Germany, MirrorOnline reports.
In the UK, the malware has been aimed at Royal Mail app users.
Ofir Almkias, a researcher at Cybereason, explained: “FakeSpy is an information stealer used to steal SMS messages, send SMS messages, steal financial data, read account information and contact lists, steal application data, and do much more.”
He explained: “FakeSpy masquerades as legitimate postal service apps and transportation services in order to gain the users’ trust.
“Once installed, the application requests permissions so that it may control SMS messages and steal sensitive data on the device, as well as proliferate to other devices in the target device’s contact list.”
Experts are urging the public to log on to a genuine website and look up any expected deliveries from there.
Jake Moore, Cybersecurity Specialist at ESET, said: “Most scam artists won’t know details such as your name and address, but this doesn’t mean it is not a scam if those details are embedded in the message.
“If the message is genuine, there will usually be a physical note left behind for missed deliveries.
“Better still, individuals should log on to the genuine delivery website without clicking on any given link in a text, and look up the expected deliveries from there. If they don’t exist on the site, then you can block the scam text number.
“If users feel they have been conned into giving away details, they should think about upping their security and changing any passwords if they were divulged.”