Fake Vietnamese bank applications used to scam customers

Minh Ánh (according to CyProtek)

Hackers use fake applications to take control of devices, steal OTP codes and users' assets at the bank.

Continuing the series on the GoldFactory campaign, the CyProtek investigation team of the Anti-Fraud project reveals another sophisticated trick: using fake applications to appropriate assets.

When your phone becomes "delicious bait"

CyProtek’s investigation not only exposed the “account lockout” tactic, but also revealed how the hackers used fake apps to take full control of the victim’s device. This is an upgrade in the GoldFactory cyberattack campaign, making the scam more dangerous and difficult to detect.

These apps are often distributed through fake websites. During the 277-day investigation, the investigation team discovered more than 421 websites designed to lure victims into installing malware.

The Journey of a Fake App

These applications are not simply "strange" software. They are elaborately designed with eye-catching interfaces, names similar to banking applications or reputable organizations such as Public Security (VNEID), Social Insurance (VSSID), Electricity (EVN), Tax Department (ETax Mobile) or online public services. Hackers often approach victims via SMS, Zalo, or fake calls, asking them to download the application via the attached link.

“When the victim clicks on the link, the .apk file (for Android) or other fake software will be downloaded to the phone. Once installed, the app will ask for deep access permissions such as accessibility, message reading, and file access. This is when the hacker takes control of the device,” the investigation team analyzed.

This form of fraud is not new; it is a variant of tricks that have appeared before. Authorities and the press have been warning about this tactic continuously since 2023. Despite some changes in the scenario, it remains particularly dangerous for unwary users. Photo: CyProtek.

Once the fake app has been granted full access permissions, the hacker often displays a fake interface on the victim's screen with a message such as: "Staff is authenticating, please do not operate the phone." The interface is designed to make the victim believe that setup is in progress and suspect nothing. Photo: CyProtek.

Accessibility permissions - "back door" for hackers

Once accessibility permissions are granted, the rogue app can:

Track all device actions: Including password and OTP code entries.

Delete or alter data: Messages containing OTP codes or notifications from banks can be deleted before the victim can read them.

Overlay: Display a fake screen to trick the victim into thinking the transaction is being carried out securely using their facial biometrics.

“There are cases where victims have provided OTP codes to hackers without knowing it, because they believed they were working with the bank's official interface,” the CyProtek team shared.

Signs that your phone is being controlled

The CyProtek team has compiled common signs when a phone has a fake application installed:

The device runs slowly and heats up abnormally, even when it is not used much.

Battery drains fast, mobile data traffic spikes.

Strange applications appear that the user does not remember installing.

Messages, notifications from banks or apps are deleted automatically.

Some settings on the phone are changed, such as unknown access or accessibility permissions being enabled.

Startling numbers from the investigation

The investigation team analyzed data from more than 64 servers used by hackers to control victim devices, and discovered that hundreds of accounts were taken over within hours of the fake app being installed.

"Hackers not only make money transfers but also exploit personal data such as photos, videos, and sensitive information to carry out other fraudulent acts," said Mr. Ngo Minh Hieu, a representative of the group.

How to avoid falling into the fake app trap?

Based on the investigation results, the CyProtek team recommends that users:

Only download apps from official sources: Google Play Store, Apple App Store.

Don't click on links from unknown sources: Messages or emails with strange links attached are suspicious signs.

Check app access: Do not grant accessibility or device administration permissions to apps from unknown sources.

Use antivirus software and firewalls: Make sure applications are installed securely.

Beware of .apk file download requests: This is a common way to distribute malware on Android.
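
A defender-side way to carry out the "check app access" recommendation above, as an added example that is not part of the original article or CyProtek's tooling: it parses the output of two adb commands and lists third-party apps that hold an enabled accessibility service but were not installed from an official store. The sample output and package names are constructed, and treating only the Google Play Store as a trusted installer is an assumption.

```python
# Assumption: only the Google Play Store counts as an official installer.
TRUSTED_INSTALLERS = {"com.android.vending"}
# Constructed output of: adb shell settings get secure enabled_accessibility_services
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.fakebank/com.example.fakebank.core.AssistService"
)
# Constructed output of: adb shell pm list packages -i -3  (third-party apps only)
SAMPLE_PACKAGES = """\
package:com.example.fakebank  installer=com.google.android.packageinstaller
package:com.example.notes  installer=com.android.vending
package:com.example.debugtool  installer=null
"""

def parse_services(raw):
    """Map package -> service classes from the colon-separated setting value."""
    services = {}
    if raw.strip() in ("", "null"):  # setting unset: no service is enabled
        return services
    for component in raw.strip().split(":"):
        package, _, cls = component.strip().partition("/")
        if package:
            services.setdefault(package, []).append(cls)
    return services

def parse_installers(raw):
    """Map package -> installer (None if unknown) from `pm list packages -i`."""
    installers = {}
    for line in raw.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        package = fields[0][len("package:"):]
        value = next((f.split("=", 1)[1] for f in fields[1:]
                      if f.startswith("installer=")), "null")
        installers[package] = None if value == "null" else value
    return installers

def audit(services_raw, packages_raw):
    """Third-party apps holding an accessibility service without a trusted installer.
    Packages absent from the -3 listing are preinstalled system apps and are skipped."""
    installers = parse_installers(packages_raw)
    return [(pkg, installers[pkg], classes)
            for pkg, classes in sorted(parse_services(services_raw).items())
            if pkg in installers and installers[pkg] not in TRUSTED_INSTALLERS]

if __name__ == "__main__":
    for pkg, installer, classes in audit(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print(f"REVIEW {pkg}: installer={installer}, services={classes}")
```

A finding is a prompt for manual review, not proof of compromise: legitimately sideloaded tools can also appear in the list.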

Fake apps are not only a tool for hackers but also a lesson for all users. In the digital age, protecting personal devices is not only a responsibility but also the only way to protect your assets and identity.

Remember: no reputable bank or organization will ask you to download apps from unofficial sources. Your vigilance is the best defense against hackers' sophisticated tricks.
