Hi Guys,

We are seeing a massive rise in a new technique called telephone-oriented attack delivery (TOAD), designed to infect Android users with Copybara Android banking malware. In addition to being able to do many invasive things, this malware can steal banking usernames and passwords from a victim.

The campaign has been exposed by cybersecurity researchers at ThreatFabric, who warn the attack is targeting multiple different banks and their customers.

How Does The Attack work?

  • You receive a phone call from a person who pretends to be from your bank.
  • The person who will sound very convincing will ask you to install a security tool on your phone to keep your account secure.
  • The so-called security app that you will install looks the part, and it gives you the idea of security, but in reality, it installs a piece of malware called Copybara, and once you are infected, it can now do the following:
    • Full remote access and control
    • Install additional apps
    • Perform clicks and swipes
    • Ability to type on your screen
    • Ability to intercept 2fa passwords sent from your bank
    • Display fake input forms, which they can tailor toward the victim to gain access to bank accounts and capture passwords

How do you stay safe?

  • If anyone calls you from your bank, you should ask them to give you their full name, department name, and their telephone extension in the bank.
  • Go online, find the main number for the bank, call their main number, and ask to speak to the person by giving their name and the name of their department.
  • If they exist, you will be patched straight through. If not, you have just avoided being scammed.
  • Do not let them put you under pressure, as they will do their best to scare you to force you to make a wrong move. Keep your head.

This malware wave is sweeping the world at the moment. Please make your family and friends aware of it and what to watch out for.

All the best,

Max Roberts,
Incognito Privacy Care team.