Contact Contact Us

FakeSpy Android Malware Targets Japanese Delivery Company, Heathrow Airport Fined for Data Protection Failings

Hackers have been using fake sites that closely resemble that of the Japanese delivery company Sagawa to spread a new FakeSpy Android malware variant. One of the fake sites has no SSL certificate and its page layout is broken. The fake site has a popup message that redirects the visitor to a malicious page that requests a phone number for alleged security purposes. Other fake sites do not ask for phone numbers but drop a malicious Sagawa application once the visitor clicks on the sites. The application contains a FakeSpy variant with several functions, such as intercepting incoming SMSes, pilfers SMSes, as well as creating and sending SMSes to other devices to spread the malware.

The Heathrow Airport in London, UK, has been fined 120,000 pounds by the Information Commissioner’s Office for ‘serious failings’ in securing personal data. The airport suffered a breach last year when an employee lost a USB stick that held unencrypted personal data of employees. In addition, investigations found that only two percent of Heathrow Airport’s 6,500 employees had received data protection training.

[1] FakeSpy Comes Back. New Wave Hits Japan
[2] Heathrow Airport fined by UK data protection regulator for failings

Ensign InfoSecurity Singapore
30A Kallang Place
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883