Fake IT-Alerts. Here's how hackers steal banking data

Attackers use fake messages to get victims to install an app on their smartphone. Once installed, the malware spies on people, steals their banking information and then empties their bank accounts. The Civil Protection warns: "It-Alert is not an App, be careful and do not download"

A virus has been discovered that used IT-Alert, the new national public alert system that sends messages to the population to warn them of serious emergencies, to steal victims' information.

Researchers at D3Lab, a cybersecurity company, have in fact discovered the spread of Android malware that imitated the IT-Alert notification system.

Exploited people's fear

To spread the virus, it was enough to exploit a fear that is currently alarming the Campania region: the risk of an earthquake and a volcanic eruption in the Campi Flegrei area of Naples.

The message sent to Android users warns, in fact, of a possible national earthquake due to a volcanic eruption and invites them to download an application by clicking on a link: “Due to the possible eruption of a volcano, a national earthquake could occur. Download the app to keep an eye on whether the region could be affected.”

Once the button is pressed, though, a file called IT-Alert.apk is downloaded, which installs malware from the SpyNote family on the smartphone.

What SpyNote malware does

The objective of this campaign is to steal citizens' banking information in order to empty their accounts. Taking advantage of the new alert platform and the lack of awareness that it is not an application but a service that works without any action from users, scammers try to deceive victims.

SpyNote is spyware with RAT (Remote Access Trojan) functionality, known since 2022, and is capable of executing operations on the smartphone without the legitimate owner realizing it, even with the screen darkened. It is usually sold via Telegram by its creator, CypherRat.

Once installed, the spyware can simulate user interactions, such as clicking login or password recovery buttons, and access the device's camera to send photos or videos to the Command-and-Control (C&C) server, allowing it to extract personal information from the infected device and send it to a server managed by the hackers.

Furthermore, SpyNote is capable of stealing user credentials, including data from banking and social applications. This is done by tricking users with customized web pages that look like legitimate ones, directing them to enter credentials during the normal login process. This virus is dangerous because it also manages to exploit the Accessibility function to acquire two-factor authentication (2FA) codes.

There is no IT-Alert app, beware of fake messages

The Civil Protection immediately issued an official communication warning Italian citizens to be careful and not fall for the scam of a fake app called IT-Alert.

“Beware of fake messages inviting you to download an IT-Alert App: it is a virus, the Department of Civil Protection has not developed any App at the moment. The only official website is http://italert.gov.it” reads the message on X from the Civil Protection.

How IT-Alert works

Already in its institutional communication, the Civil Protection had warned that the transmission of messages via IT-Alert is free and anonymous and does not require the activation of geolocation or online registration, not even for the anonymous questionnaire. The system uses cell broadcast technology, sending messages to groups of geographically close cells in the specific areas affected by an emergency.

It is therefore important to reiterate that there is no app dedicated to IT-Alert and that any message asking to download an app for IT-Alert tests or to fill out a questionnaire is a scam.

Tests completed in the regions

Meanwhile, the IT-Alert tests in all regions have been completed. The last test took place on 13 October in the Province of Bolzano and in the areas of the Brenta river basin in the Province of Trento.

IT-Alert will become operational from February 2024.
