Kaspersky detects a new wave of Wroba Trojan activity in Singapore

According to Kaspersky’s Botnet Tracking System, a new wave of Wroba Trojan activity has been detected in Singapore.

Kaspersky experts saw first traces of the malware last Tuesday (6 Aug) when it was targeted at users in Singapore, consisting of commands to send SMS on Singapore’s phone numbers.

Kaspersky hinted that cybercriminals tried to attract users with the notification of parcel arrival with a text that goes ‘Your courier has been delivered. Please check and accept it in time’. Subsequently, there was a link that led to a site that looks like a legitimate one of a logistics company. So, when a user receives such SMS and innocently enters into the site by clicking the link, the downloading of the Trojan will begin to spread.

While Wroba is a Trojan that targets Android devices, iOS devices are not immune to this, as the user will be redirected to a phishing site claiming that they need to enter his/her AppleID details.

“Today, e-commerce is the postal service’s main growth driver. With e-commerce growing exponentially in Singapore, the post and parcel industry is being disrupted at a rapid rate, as delivery services embark on a process of digitalisation to reduce costs, as well as cater to changing consumer demands for up-to-date tracking and prompt delivery services,” said Yeo Siang Tiong, General Manager for South East Asia at Kaspersky.

“The Wroba Trojan incident serves as a reminder that the cybersecurity risks of the instant gratification culture remain real and close to home. There is a need for us to remain cautious and carefully scrutinize realistic looking links before we click or provide any information. Having in place a set of robust security solutions can also help protect our devices against such cyberthreats,” he added.

Kaspersky noted that its products detect the threat as ‘Trojan-Dropper.AndroidOS.Wroba.g’.

After installation on the device, Wroba, among others, is able to:

• Send SMS
• Check installed packages
• Open web-pages
• Get files from folder related to financial transactions
• Steal contact list
• Call specified number
• Show fake phishing pages to steal victim’s credentials

More than 4,000 users faced Wroba since the start of the year, according to Kaspersky Security Network. The countries with the biggest number of victims are Russian Federation, Japan, and India.

Although Singapore is not on the top-list, this only makes the recent SMS campaign all the more interesting, as it seems that cybercriminals are enlarging the pool of targeted countries; hence, this would potentially lead to a rise in number of victims in Singapore.

To prevent this, Kaspersky recommends following these simple rules:

• Download applications only from official resources
• If possible, disable the installation of applications from third-party sources in your smartphone settings
• Do not click on suspicious links from unknown senders
• Install a reliable security solution to protect your mobile device