Thought Leadership

Warning for cell phone txt/msg’s

I talk about SPAM and phishing emails a lot and how you should not click on links, but the same goes for clicking links on your cell phone, even from txt messages.

This recent article is a good example why you should not click links on your cell phone.


The operators behind an updated version of the FakeSpy malware are targeting Android devices using SMS phishing messages to spread the info stealer, according to the security firm Cybereason.

The SMS messages are designed to appear to come from legitimate postal and delivery services, including the U.S. Postal Service, the U.K. Royal Mail, DHL Group, France’s Las Poste, Taiwan’s Chunghwa Post, several private delivery companies in Japan as well as others in Switzerland and Germany, Cybereason researchers say.

If the recipient clicks on the links in these messages, malicious code is downloaded onto the Android device that installs the FakeSpy malware. The information stealer is capable of exfiltrating data, including financial and contact details, from the device, according to the research report released Wednesday.

The attacks associated with the latest FakeSpy campaign start with malicious SMS messages, or smishing messages, which notify victims of an undelivered package, the report notes. When the target opens the link within the message, a FakeSpy APK – the file format used by Android to install applications – appears. It resembles a local postal service or delivery app.


Daniel Weatherly
Director of Security Services
Mainstream Technologies Inc.

  • Industry

  • Category

  • Regulation

  • Solution