According to a report, FakeSpy uses smishing (SMS phishing) to target users. The malware sends fake text messages that claim to be from a local post office and prompt victims to click on a malicious link. This link directs them to download an app. Once unsuspecting users install the fake app, the malware gets full access to the device: it can read text messages, contact information and external storage, and can even send text messages. The app also gets direct access to banking-related apps and can steal login information.
As for where the malware has its roots, researchers claim that the culprit is the Chinese-speaking group called "Roaming Mantis", which is responsible for operating this app in Asia. "The malware authors seem to be putting a lot of effort into improving this malware, bundling it with numerous new upgrades that make it more sophisticated, evasive, and well-equipped. These improvements render FakeSpy one of the most powerful information stealers on the market. We anticipate this malware to continue to evolve with additional new features; the only question now is when we will see the next wave," Cybereason researchers said.