Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

COVID-19 SMISHING

 

Systems Affected



Threat Level


High


Overview


Random SMS (Short Message Service) are sent to users with a notice for free distribution of masks against COVID-19 virus. SMS is equipped with a URL/Link.

Smishing: Phishing method using text messages


Description


Once user has clicked the URL/Link in the SMS, browser will pop up a message " Please update the latest version of Chrome for improved service experience". Malicious application will be installed upon clicking the " OK" button.
 1. Attacker sends the COVID-19 smishing.
 2. Victim clicks the URL/Link in the SMS.
 3. Malicious application disguised as chrome browser update and will be installed if the victim click " OK" button.
 4. Malicious application is launched and leaking personal information.


Impact


  ✻  Leakage of personal information
  ✻  Hijack of information such as messages, phone numbers, model information, bank applications, public certificates, etc.


Solution/ Workarounds


  ✻  Refrain from clicking URL/Link received from unknown
  ✻  Personal information such as mobile number, ID, Usernames, Passwords, etc. should be entered only on trusted sites.
  ✻  Refrain from doing purchases from untrusted websites.
  ✻  Inform your acquaintances of the smishing incident, as the installed malicious application most likely will send similar SMS to your contact list


References


  ✻  https://www.kisa.or.kr/eng/main.jsp


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.