| Malicious Wedding Invitations Infect Android Devices in Malaysia and Brunei |
|---|
| According to a recent report by the Kaspersky laboratory, cybercriminals have launched a fraudulent campaign targeting users in Malaysia and Brunei with fake wedding invitations, spreading the new Android virus TRIA. The attack is being carried out through popular messaging apps like Telegram and WhatsApp, where victims receive messages prompting them to install a mobile application in order to receive a wedding invitation. |
| Once the application is installed, the malware disguises itself within the system settings, asks for the victim’s phone number, and then sends this information to the hackers’ servers. The virus is capable of accessing SMS, emails in Gmail and Outlook, calls, and messages in WhatsApp and WhatsApp Business. This data can then be used by the cybercriminals to compromise accounts, steal passwords, or intercept banking transactions. |
| The ultimate goal of the attack is to gain complete control over the victims’ accounts on WhatsApp and Telegram. Compromised accounts allow the fraudsters to further spread the virus to the victims’ contacts or send requests for money transfers on behalf of the account owner. Two Telegram bots are being utilized to process the stolen data, one for intercepting messages from messengers and emails, and the other for capturing SMS. |
| While the exact number of victims is currently unknown, reports on social media suggest that a significant number of Android users in Malaysia have been affected by this malicious campaign. The Kaspersky laboratory has been monitoring the attackers’ activity since mid-2024. |
| Experts have not attributed this attack to a specific group, but have noted that the hackers appear to speak Indonesian. This is not the first time such an attack has been observed in the region – in 2024, Kaspersky’s laboratory uncovered a similar Udangasteal campaign targeting users in Indonesia, Malaysia, and India. During that campaign, cybercriminals stole SMS and data using Telegram bots and social engineering tactics involving fake wedding invitations, parcel notifications, tax reminders, and job offers. |
| Despite the similarities between the Tria and Udangasteal campaigns, there are key differences. The new virus targets a wider range of communication channels, including email and messengers, and the geographical scope of the attacks varies. Researchers are urging users to avoid downloading unknown apps, refrain from clicking on suspicious links, and implement multifactor authentication to enhance the security of their accounts. |
/Reports, release notes, official announcements.