Quote:Malicious Android apps disguised as TikTok and offers for free Lenovo laptops are being used in ad-stuffing attacks underway against devices on the Jio telecom network in India, security researchers warn.
Researchers from Zscaler report this threat actor has been operating various phishing scams since March 2020, all using recent headlines as lures.
Their most recent socially engineered messages try to convince users to download their fake version of TikTok by saying the app, which is banned in India, is now available, the report found. Another scam misleads victims into thinking they’re eligible for a free Lenovo laptop courtesy of the Indian government.
“The malware involved has features that are also commonly found in other families as well, e.g. it follows common methods of persistence, and propagation using victim’s contact information,” Deepen Desai, Zscaler CISO, told Threatpost. “The attack campaign is fairly targeted and leverages trusted resources like Weebly and GitHub for distributing the malicious content to the victims.”
Targeted but widespread: Jio telecom serves more than half of India’s internet subscribers, which according to a March 2020 report from the Indian Telecom Regulatory Authority topped 743 million people.
He added that the Zscaler team observed more than 200 malicious Android apps using “themes related to current affairs in India.”
Threat actors blast out an SMS or WhatsApp message to numbers on the Jio network with the phishing lure message and a link to take advantage of the fraudulent offer, the report showed. The link leads to a Weebly-hosted site controlled by the cybercriminals, it explained.
“In the original download request which we observed in Zscaler cloud, the user-agent string was: WhatsApp/2.21.4.22 which indicated to us that the link was clicked by the user in a WhatsApp message,” according to the analysis.
Read more: Adware Spreads via Fake TikTok App, Laptop Offers | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
