Russians Explained How Scammers Convince People to Download Malware: Several Tricky Schemes

Malicious actors, posing as telecom operators, law enforcement officers, or colleagues, are convincing Russians to download malware. This warning comes from the Department for Combating Illegal Use of Information and Communication Technologies of the Ministry of Internal Affairs of Russia.

Image source generated by the neural network qwenlm.ai

Malicious software does not appear on a device out of nowhere. The goal of the attackers is to bypass your caution and force you to voluntarily install a malicious APK file on your Android phone.

Department for Combating Illegal Use of Information and Communication Technologies of the Ministry of Internal Affairs of Russia

Attackers may pose as a telecom operator and try to convince the victim to install a malicious file under the pretext of "extending the contract," "switching to a new 5G tariff," or "improving the quality of communication."

Fraudsters say that to change the number or tariff, you need to urgently change the settings in the banking application. To do this, you allegedly need to install a special program (for example, Dogovor.apk or 5G.apk). They create a sense of urgency and fear that inaction will lead to problems with communication or banking services.

Scammers may also act as a bank employee. Pretext: "you need to update the banking application," "check accrued bonuses/cashback," "protect the account from suspicious transactions."

Trick: they ask you to install an "updated" or "special protective" version of the banking application (Sber.apk, VTB.apk, CB.apk, Security.apk) in order to "check bonuses" or "transfer money to a safe account." Emotion: they play on the desire to receive benefits (bonuses) or on the fear of losing money.

Department for Combating Illegal Use of Information and Communication Technologies of the Ministry of Internal Affairs of Russia

Posing as employees of government agencies, fraudsters offer to update the "Gosuslugi" application, EMIAS — an electronic medical record, make an appointment, or confirm data. Scammers offer to install an "official" application or a "service" file. They may ask you to dictate or write down an SMS code in a "special" application. They use the authority of state organizations and the fear of not fulfilling an important requirement.

Under the guise of law enforcement officers, attackers may try to convince the victim that fraudsters are trying to seize their accounts and demand that they urgently check the account.

Scammers offer to install the "official" application of law enforcement agencies or the Central Bank (for example, "Kaspersky".apk, Security.apk, CB.apk) allegedly to check the balance or transfer money to a secure account.

They use authority, put a lot of pressure on fear, create panic and the feeling that only their instructions will save money.

Department for Combating Illegal Use of Information and Communication Technologies of the Ministry of Internal Affairs of Russia

They may also act as an acquaintance or "colleague":

Pretext: "Hi, check out these photos/videos!", "Here is a document for you (order, contract)", "There is important information about you/your number here".

Department for Combating Illegal Use of Information and Communication Technologies of the Ministry of Internal Affairs of Russia

They send a link or file (Photo.apk, Video-archive.apk, Order_18.02.apk, IMG.apk) and claim that it contains interesting or important content. With their actions, attackers arouse people's curiosity or intrigue, promising "important information about you."