
Recently, the Department of Information Security has repeatedly warned that Android users are losing money from their bank accounts after installing unfamiliar applications.
Attack mechanism of the malware
Scammers often approach victims via Zalo or by phone, claiming to be tax officers, police officers, or bank employees helping with a limit upgrade. They send a link to download an .apk file, along with installation instructions.
After installation, the fake application (usually imitating the interface of VNeID, the General Department of Taxation, or Public Service) requests the Accessibility permission. This is the crux of the problem.
How dangerous is the Accessibility permission?
When granted this permission, the malware can:
- Automatically manipulate the screen (like a real person).
- Read SMS messages (to get OTP codes).
- Record bank login passwords.
- Prevent victims from uninstalling the application.
How to protect your device?
VTrust recommends that Android users follow the "3 NOs" principle:
- NO clicking on strange links sent via SMS or Zalo.
- NO installing applications from external sources (.apk files); only download from the Play Store.
- NO granting the Accessibility permission to any application if you do not clearly understand it.
If you have installed such an application by mistake, disconnect from the network (Wi-Fi/4G) immediately and contact your bank to lock the account urgently.
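For helpdesk or incident-response staff checking a phone after such an install, the following added example (not part of the original advisory) lists enabled Accessibility services that belong to user-installed apps which did not come from the Play Store. It assumes adb with USB debugging enabled; the function names and all com.example.* sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): flag enabled accessibility
# services that belong to user-installed apps not delivered by the Play Store.

PLAY_STORE="com.android.vending"

# $1: output of `settings get secure enabled_accessibility_services`
#     (colon-separated "package/ServiceClass" entries, or "null" when empty)
# $2: output of `pm list packages -3 -i` (user-installed apps only), lines like
#     "package:<name>  installer=<installer package>"
# Prints "<package> installer=<installer>" for every service worth reviewing.
flag_sideloaded_a11y() {
    services=$(printf '%s' "$1" | tr -d '\r\n')
    printf '%s\n' "$2" | tr -d '\r' |
    awk -v services="$services" -v store="$PLAY_STORE" '
        /^package:/ {
            name = $1; sub(/^package:/, "", name)
            inst = "unknown"
            for (i = 2; i <= NF; i++)
                if ($i ~ /^installer=/) { inst = $i; sub(/^installer=/, "", inst) }
            installer[name] = inst
        }
        END {
            if (services == "" || services == "null") exit
            n = split(services, entry, ":")
            for (i = 1; i <= n; i++) {
                split(entry[i], part, "/")
                pkg = part[1]
                if ((pkg in installer) && installer[pkg] != store && !(pkg in seen)) {
                    seen[pkg] = 1
                    print pkg " installer=" installer[pkg]
                }
            }
        }'
}

# Query a device attached over USB debugging (works with Wi-Fi/4G switched off).
scan_device() {
    flag_sideloaded_a11y \
        "$(adb shell settings get secure enabled_accessibility_services)" \
        "$(adb shell pm list packages -3 -i)"
}

# Constructed sample data; every com.example.* name is made up.
SAMPLE_SERVICES='com.google.android.marvin.talkback/.TalkBackService:com.example.fakeportal/com.example.fakeportal.HelperService:com.example.passwords/.FillService'
SAMPLE_PACKAGES='package:com.example.fakeportal  installer=com.google.android.packageinstaller
package:com.example.passwords  installer=com.android.vending'

if [ "${1:-}" = "--device" ]; then scan_device
else flag_sideloaded_a11y "$SAMPLE_SERVICES" "$SAMPLE_PACKAGES"; fi
```

Run it with --device to query a connected phone instead of the sample data. A printed package is a candidate for review, not proof of malware, since legitimately sideloaded apps are reported the same way.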
