
Shocking texts from Chinese hackers fooling people out of their money

Android users are no strangers to malware. In fact, malicious apps are common enough on the Google Play store that browsing for new software can feel like walking through a minefield.

Of course, there are a few ways you can tell which programs are safe to download. A small number of perfect reviews with very few comments, for example, can indicate a fraudulent app.

But Google Play isn’t the only thing Android users have to worry about anymore. A brand new phishing scam is attacking Android users via text message, and if you fall for the bait, it can steal your financial data and text messages right from under your nose. Here’s how you can spot it before it wrecks your phone.

Just another thing for Android users to worry about

According to cybersecurity firm Cybereason, dangerous Android malware has escaped the confines of malicious app downloads. Thanks to a group of Chinese hackers, the FakeSpy malware is now circulating via text message, which makes it an extremely dangerous threat to Android users everywhere.

FakeSpy has existed in the wild since at least 2017, but this new version is tricking people into installing it through a highly convincing delivery alert.

Here’s how it works: Potential victims receive a text message claiming to be from a shipping service. The message will say that the victim “missed their delivery,” or that their “package couldn’t be delivered,” and will include a link to click on.


Once the link is clicked, malware installs itself on your device. From here, victims are taken to a menu where they can select their “postal service.” Clicking any of these options opens a fake website disguised as that of a mainstream postal carrier like the USPS or DHL, and any information you enter can be siphoned by the hackers responsible.

And speaking of the hackers, we actually know who’s behind this wave of phishing attacks. A China-based hacking collective calling itself “Roaming Mantis” appears to be responsible, and this group is already well known as a threat actor to security researchers.

While Roaming Mantis had mostly attacked targets in Asia previously, its activities now have a global reach. The new campaign shows that the group is rapidly expanding its horizons, and even the malware itself appears to have been recently updated and refined by Roaming Mantis.

What can I do to avoid getting phished?

Because this campaign is spread by text messages rather than malicious app downloads, it can be quite a bit harder to avoid. This goes double if you subscribe to any kind of text alerts from your postal carriers.

Thankfully, every major carrier in the U.S. has an official tracking website you can visit to check the status of your deliveries. To make sure you don’t miss any real notifications while you avoid the FakeSpy scam, always verify any delivery update message on the carrier’s official website.

As an example, let’s say you get an alert from “USPS” saying your package has been delayed. Instead of clicking the link in the text message, just visit the USPS official website and type in your tracking number. Any status issues will be displayed, and you can trust that the information is coming from a reliable source.


As for your text messages, avoid clicking on any links unless you explicitly know who is sending the message and why. With FakeSpy, just clicking the link is enough to force an unwanted download. Don’t give these scammers the opportunity to infect your system.
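For anyone filtering messages at scale (a help desk or a mobile security team), the same "check it against the official site" rule can be automated. The sketch below is an added example, not code from Cybereason or any carrier; the allowlist of official domains, the lure phrases and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist: official sites of the two carriers the article names.
OFFICIAL_DOMAINS = {"usps.com", "dhl.com"}
# Lure wording based on the article's description of the fake alerts.
LURE = re.compile(
    r"missed (?:your|their|a) delivery|could(?:n['’]t| not) be delivered"
    r"|package|parcel", re.I)
URL = re.compile(r"\b(?:https?://|www\.)\S+", re.I)

def link_host(url):
    """Return the hostname a link really resolves to, lowercased."""
    if "://" not in url:
        url = "http://" + url
    # urlsplit drops any "user@" prefix, so "dhl.com@evil.example"
    # correctly yields "evil.example".
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_official(host):
    """True only for an allowlisted domain or a real subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def triage_sms(text):
    """Return (verdict, hosts that are not official carrier sites)."""
    hosts = [link_host(m.rstrip(".,;:!?)")) for m in URL.findall(text)]
    if not hosts:
        return "no-link", []
    bad = [h for h in hosts if not is_official(h)]
    if not bad:
        return "official-link", []
    return ("delivery-lure" if LURE.search(text) else "unverified-link"), bad

# Constructed sample messages, not taken from the real campaign.
SAMPLES = [
    "USPS: your package couldn't be delivered. "
    "Reschedule: http://usps.com-redelivery.example/t?id=1",
    "DHL: you missed your delivery http://dhl.com@track.example/login",
    "Your package is on its way, details at https://www.usps.com/.",
    "Lunch at noon?",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage_sms(sms), "<-", sms)
```

Both lookalike tricks in the samples (the brand name as a prefix of another domain, and the brand name placed before an `@`) fail the allowlist because the comparison is made on the parsed hostname, not on the raw text of the link.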

Another precautionary step we recommend taking is to have a backup of all your important files and documents. This way, if your device gets infected with ransomware or another type of malware that destroys it, you have easy access to your files. We recommend using our sponsor, IDrive.
