A new SMS scam seeks to take control of your mobile and your data



Text message scams impersonating logistics companies don't stop. The latest one detected informs the victim, generally greeting them by name, that an alleged shipment was delivered on a certain date "at the point of delivery":




Hello [name], your shipment was delivered on [date] at the point of delivery. See where you can pick up your package here: [link]



The SMS, written without accent marks as we can see, ends by inviting the recipient to open a link where, in theory, they will be able to see where the package has arrived. Opening it, as in previous similar scams, brings up a website with the logo of the parcel company FedEx that prompts us to download an application to find out where the shipment is. That is something we should not do.




The application, a banking Trojan, can take control of our device





Screenshots of the web impersonating FedEx.




Repeating the techniques used in other scams, such as those impersonating Correos, DHL and, again, FedEx, the page we reach tries to convince us to install the application and to ignore the more than likely warnings that it, or more specifically its APK, may be malicious. In fact, it is a banking Trojan.



The website in question lists the steps to download and install it, which we should not follow under any circumstances, and urges us to change our phone's settings to allow the installation of applications from unknown sources. This is how they get around Android's security and enter the system without major problems.








Once installed, it requests all kinds of permissions from the victim so that it can take control of the device and monitor what happens on it in order to steal, for example, access credentials for banking entities. If we try to uninstall it, a message will appear saying "this action cannot be performed on a system service", since the app becomes a default app.














As Engadget Mobile has verified, analysis of the installation file makes it clear that it intends to obtain every possible permission. It can connect to the internet, write and send text messages, read the phone status, and bypass the phone's battery restrictions so that it always runs in the background. The detail that the SMS arrives with the recipient's name most likely means that the malware has infected someone who has us in their contact list.




The application can be uninstalled, although not using the traditional and usual methods




Removing it requires a more complex process: uninstalling it through ADB on Windows using the Command Prompt application, as in the case we explained for one of the scams that impersonated Correos and had the same purpose. It can also be done by booting into safe mode and revoking the accessibility permissions that were granted, although the malicious application will try to close the settings.
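The permission profile and the accessibility service described above can be checked in an APK's manifest before anything is installed. The following is an added example, not code from the article or from the analysis it cites. It assumes the manifest has already been decoded to text XML, and the permission-name mapping, the sample manifest and the flagging rule are assumptions of the example.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Capabilities the article lists, mapped to Android permission names.
# The mapping is this example's assumption, not taken from the analysed APK.
CAPABILITIES = {
    "connect to the internet": {P + "INTERNET"},
    "write and send text messages": {P + "SEND_SMS", P + "WRITE_SMS"},
    "read phone status": {P + "READ_PHONE_STATE"},
    "ignore battery restrictions": {P + "REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"},
}
ACCESSIBILITY = P + "BIND_ACCESSIBILITY_SERVICE"

# Constructed sample manifest; package and service names are made up.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.parceltracker">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission
      android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <service android:name=".TrackerService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""


def triage_manifest(xml_text):
    """Report which of the article's capabilities a decoded manifest requests."""
    root = ET.fromstring(xml_text)
    # Covers <uses-permission> and <uses-permission-sdk-23>.
    requested = {el.get(ANDROID + "name") for el in root.iter()
                 if el.tag.startswith("uses-permission")}
    matched = [cap for cap, perms in CAPABILITIES.items() if requested & perms]
    # An accessibility service is declared on <service>, not as uses-permission.
    services = [s.get(ANDROID + "name") for s in root.iter("service")
                if s.get(ANDROID + "permission") == ACCESSIBILITY]
    return {
        "package": root.get("package"),
        "capabilities": matched,
        "accessibility_services": services,
        # Example rule: every listed capability plus an accessibility service.
        "matches_article_profile": len(matched) == len(CAPABILITIES) and bool(services),
    }


if __name__ == "__main__":
    for key, value in triage_manifest(SAMPLE).items():
        print(f"{key}: {value}")
```

A parcel-tracking app has no functional need for SMS sending, battery-optimisation exemption and an accessibility service together, so a manifest that matches the whole profile deserves closer analysis rather than installation.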



The advice is always the same: distrust above all. We must pay attention to communications of this type that we may receive by SMS or email, not click on any link if there is the slightest doubt, and confirm by other means, ones that do not involve interacting with the suspicious communication, whether what it says is true. Also, be aware that parcel companies will not ask us to install applications to track a shipment and, even less, ask us to disable the security measures of our phone's operating system.