A SMiShing scheme was identified by researchers at Trend Micro which targets Spanish speaking users connected to Banco Bilbao Vizcaya Argentaria (BBVA).

Security researchers at Trend Micro provided details about a fake banking app on the Google Play store dubbed “Movil Secure.” It was mentioned that the developers went to great lengths to try and trick users into believing it was legitimate. There were also three other apps in the store which were linked to the same developer. From the date of when the malicious app became available, it was downloaded over a hundred times in a six day time frame. The developers were targeting Spanish speaking customers of the Banco Bilbao Vizcaya Argentaria (BBVA). After the app is download by an unsuspecting victim, the infection process begins. It collects and sends device information back to a command and control server. For full technical details, refer to Trend Micro’s article.

Indicators of Compromise

SHA256

• b168e64a02c3aed52b0c6f77a380420dd2495c3440c85a3b7ed99b8ac871d46a
• d8018d869254abd6e0b2fb33631fcc56c9f2e355c5d6f40701f71c1a73331cb3
• 299e1eb8a1f13e1eb77a1c38e5cf7bbdc588db89d4eaad91e7fc95d156d986e5
• 24e7a8ed726efa463edec2e19ad4796cf4b97755b8fdf06dea4950c175c01f77

C&C

• hxxps://backup.spykey-floki.org/add.php