Security provider Norton has recently uncovered a new form of Android malware that uses the smartphones GPS location to customise fake awards and prize emails.
The fake prize scam is one of the oldest and relied on a sucker or two clicking on an email from a well-known brand. But scammers can now use GPS to customise to a locale increasing the chance that recipients will better recognise ‘the win’ and increase click through.
Once the locale is known, scammers can tailor different scam campaigns accordingly. These may range from generic ad library revenue generation to fake coupons or rewards programs from well-known local shopping outlets.
The malware is called Android.Fakeyouwon and so far has been part of a ‘Panel Settings’ app that once installed shows a typical Android setting ‘cog’ icon – grey on a white background.
Once you click on the email link, a legitimate-looking webpage pops up (complete with ‘testimonials’) and asks you to complete a short form that gathers users’ personal information such as name, address, phone number, etc. This information goes straight into your profile in the dark web.
One variation capitalises on emerging recent issues and trends such as wining cryptocurrency.
It appears to one of our hard to resist base desires – excitement!
We publish security releases as a public service to increase awareness of security issues on Windows, macOS, iOS and Android.
While this malware may not be as virulent as others it is an interesting use of a smartphones GPS – something not possible in say a Windows or macOS environment.
Any device that connects to the internet needs protection whether it claims to be ‘virus-free’ or not.
Norton says it now protects against Android.Fakeyouwon as users start to see it appear on their devices.