A cybersecurity and digital forensic expert, Alfons Tanuja, urged the public to be careful and not easily believe in the spread of APK files under the guise of an electronic ticket on WhatsApp.
This latest fraud mode is indeed very shrewd so it's easy for consumers to let their guard down. Cybercriminals send electronic tickets via WhatsApp on behalf of the work unit (satker) of the National Police. In that shipment, the potential victim was informed that he had committed an offence. Then, asked to open the application to see the ticket. "If the letter has been read, please come to the nearest police station," wrote the scammer. Victims who may panic, are not suspicious, or even don't think twice about it will immediately open a file with the .APK extension called Surat Tilang-1.0.apk.
Risks of Opening APKs Using Electronic Ticketing Mode “This works exactly the same as APK fraud under the guise of a package courier. Only, the theme of the fraud was changed to a ticket," said Alfons. According to him, the main goal is to gain access to the victim's cell phone SMS. "This is a variation of the SMS thief APK whose goal is to steal the victim's SMS and forward it to other applications such as Telegram," explained Alfons.
So, what is the impact if the victim installs the application on his device? ”So he will forward all SMS from the victim's device and this is very dangerous if the cellphone number is used for financial activities such as mobile banking. Because it will cause the victim's mobile banking funds to be stolen,” he said.
In addition, Alfons said that another risk is SMS theft for other purposes, such as WhatsApp account hijacking. Because, by mastering SMS, the WhatsApp account can be taken over and transferred to another cellphone. "The public, especially Android users, must be careful and never install applications from outside the Google Play Store and any applications whose security is not known," he explained.
Alfons provides tips, to see which applications have access to SMS you can check by:
1. From (Settings) search "permission manager" then click (permission manager) and click (SMS).
2. Then see which applications have access to SMS.
3. If there are unknown or suspicious applications, immediately uninstall them and do not grant access.