Viruses impersonating software and applications of the General Department of Taxation, Government, Declarations, etc., have been used in recent consecutive attack campaigns, to take control of phones, steal bank accounts and money of users in Vietnam.
Attackers create applications with interfaces similar to those of government agencies. Then, they use many different scenarios to lure and trick users into installing these fake applications on their phones, through links they create.
The above fake applications all use DaaS (Dropper-as-a-Service), a service designed to provide viruses to fake applications. This service can disable the device's defense measures before installing the virus, in order to gain control and have full access to data on the victim's phone such as: application information, accounts, contacts, messages, images, document files, OTP codes for banking transactions, etc.
Research by experts shows that viruses provided by DaaS have the ability to bypass the protection mechanism of Android 13 and even Android 14, which was just released in October, making the possibility of users being attacked very high.
The danger is that even bad guys who don't know much about technology can still use DaaS services to steal login information en masse, at a very low cost.
Due to the dangerous level and strong spread of attack campaigns on Android phones, Bkav experts recommend that users:
Do not download APK files outside of Play Store
Accessibility is an accessibility right, intended to increase the user experience, but is a weakness that is exploited by hackers. If not needed, users can turn off this feature
When you see your phone exhibiting unusual behavior such as hanging or logging into financial or banking apps, immediately disconnect from the Internet and contact the banking institution to lock your account immediately.
Install licensed anti-virus software for an extra layer of protection