SMiShing is a type of social engineering technique that traps users by requesting them to reveal sensitive information which can be used for nefarious purposes or for simply making money. SMiShing has become very popular among attackers as it does not cost much for them and at the same time can be used to target many users. To reach their victims they have started using FREE Messaging Apps as the medium. This blog will get into the nuances of one such SMiShing attack. 

Recently, one of our colleagues received a WhatsApp SMiShing message to make money online as shown in Figure 1.

Upon clicking the link shown in Figure 1, the user is redirected to a website as shown in Figure2. This message prompts the user to download “EarnMoney_wa_3011.apk” which is actually a malicious app.

The “EarnMoney_wa_3011.apk” app installs in the name of “Make Money” as shown in Figure 3.

Figure 4 shows the app image on the device after successful installation.

This app then proceeds to collect the user information like mobile operator, country, sim state, sim serial number, voice mail number as shown in Figure 5.

The purpose of this app is to display ads as shown in Figure 6.

It then sends all the user information collected to the C2 server as shown in Figure 7.

These apps for now are just ad scammers which are used for generating revenue.

We therefore recommend users to avoid believing in such false messages and break the chain in spreading these fake apps. Also, K7 users are protected from such scams as well. Users are therefore advised to stay protected by installing “K7 Mobile Security” on their devices and keep it updated. Also regularly scan your devices with the same to keep your devices safe.

Indicators of Compromise (IoCs)

Package Name: EarnMoney_wa_3011.apk

Hash: d5310d119b1ae688315422b792fa6ae4

K7 Detection Name:  Trojan ( 0001140e1 )