Security researchers have recently discovered an active malware campaign that can steal private information — from passwords to cryptocurrency wallets — saved in web browsers.
Malicious actors are tricking unsuspecting users into downloading the malware by advertising what appear to be legit apps. Unfortunately, the ads lead to sites mimicking the Microsoft Store, Spotify, and a PDF converter app.
- The best Microsoft Surface deals in April 2021
- Best VPN services 2021
- Nasty MacBook with M1 malware could steal your cryptocurrency
#BREAKING Beware of active infostealer campaign mimicking Microsoft Windows Store, Spotify and FreePdfConvert apps targeting countries in South America 🇵🇪🇨🇴🇦🇷. #ESETresearch @jiriatvirlab 1/3 pic.twitter.com/bizy5ie3GQApril 19, 2021
Spotted by Slovak internet security company ESET, the campaign uses advertising to lure users into downloading apps on a fake store. As shown by ESET, one example is an "xChess 3" chess application advertisement that leads to a page that looks exactly like the Microsoft Store, while another leads to a fake Spotify landing page.
The zip file containing the disguised malware is automatically downloaded when visiting the fake pages, which holds a "Ficker" Trojan malware. It lets hackers steal saved credentials in web browsers.
According to Bleeping Computer, the malware also lets malicious actors steal information on desktop messaging apps including Discord and Steam, along with cryptocurrency wallets. It also has the ability to take screenshots of whatever is on the victim's screen.
ESET states the malware campaign is currently targeting countries in South America, including Peru, Columbia and Argentina. This is the internet, however, meaning the fake advertisements could move anywhere.
While it's always important to download apps on an official store, like the Apple App Store or Microsoft Store on Windows 10, identical sites in browsers can easily trick users. However, there are a few other signs to be aware of.
For example, the fake chess app's description describes an "exciting adventure game" involving a ball. The last time we checked, this isn't how chess is played.
It's always a good idea to check information about an app, along with reviews from other users, before downloading them. An iPhone VPN scam had similar fake information that still duped a few users into subscribing to it.