A campaign to spread malware using a free World Cup game viewing app for Android devices called Kora442.
ESET Research, a security research company, has discovered a malicious campaign using the free World Cup match viewing application for Android devices called Kora442 to steal user information.
The Kora442 application is distributed through the Facebook page (fanpage) of the same name, provided as an apk file for manual installation on Android devices, not on the Play Store. This fanpage leads users who want to watch live and update the scores of the matches at the 2022 World Cup to access a website to download the application to their device.
ESET Research said the malicious code attached to this application is a RAT (Remote Access Trojan), which allows hackers to take control of the device remotely. During the installation process, the application will ask the user for permission to access SMS, contacts, photos, clipboard, call log and even take photos or record calls. The malware then filters and uploads this data to the hacker’s server.
According to ESET, there have been at least 750 infected machines, but because the website has not been disabled and the 2022 World Cup has only gone one third of the way, this number will continue to increase in the near future.
This application is not directly aimed at Vietnamese users, but due to the increased demand to watch the World Cup and the habit of accessing pirated platforms, anyone can become a victim of similar campaigns.
Currently, hackers often disguise malware as applications of great interest to trick unsuspecting users into downloading and installing.
In case the user has installed the Kora442 application, everyone needs to remove it immediately. To avoid becoming a victim of malicious campaigns, users should only install apps from trusted sources and carefully review reviews and ratings before installing.
(Refer to QTM)