According to an investigation by Cyble Research and Intelligence Labs (CRIL), a group called InTheBox sells several web injections disguised as various Android banking apps in its online store on the dark web. Android web injection is a module specially developed to collect sensitive information from specific applications.
the Internet news According to his synopsis, the InTheBox store is injected They are disguised as commercial banking services, mobile payment systems, cryptocurrency exchanges, and mobile e-commerce applications. Malware affects services in many countries around the world: Australia, Brazil, India, Indonesia, Japan, Kuwait, Malaysia, Philippines, Qatar, Saudi Arabia, Singapore, Thailand, the United States, and various parts of Europe and Asia.
InTheBox web injections usually come in a zipped package containing an application icon in PNG format and an HTML file. The HTML file contains JavaScript code that collects sensitive data using the masked interface of a mobile application’s input form. In this interface, the user is required to enter mobile banking details, such as user ID, password, and mobile phone number. After that, a new interface is loaded, on which the user is asked to enter the card number, expiration date and CVV data. However, this cannot be requested through any legal application.
The researchers recommend that Only download and install software from trusted sources like official app stores. If possible, use an antivirus, never open links from unknown senders, and activate the Google Play Protect service.
Cover image source: Getty Images
