In September, a new scammer community emerged on RuNet whose members used various pretexts to persuade Russians to install malicious apps that imitate delivery services and secretly steal money. This came to light through the press service of the information security company FACCT.

The scheme begins with the scammers creating fake ads for goods on specialized marketplaces. When a potential buyer is found and ready to pay, the scammers steer the conversation to a messenger. There, the victim is sent a link to a malicious program that pretends to handle the delivery process. The workers behind the scheme pose as individual entrepreneurs who claim they must use dedicated software to purchase and deliver goods to customers, which adds a layer of legitimacy to the deception.

Once the link is clicked, the user lands on a counterfeit Google Play page where a mobile app must be downloaded and installed. The counterfeit app closely mimics the design and functions of real online platforms, convincing the buyer that the delivery can be arranged. During the payment step, the Trojan within the app captures banking details entered by the victim and transmits them to another member of the criminal group, who then sends an SMS with a transfer confirmation code to authorize a withdrawal. The result is a theft that can be surprisingly quick and difficult to notice until the money disappears.

According to FACCT, victims in both Russia and Belarus faced significant losses in September as attackers updated the Mammoth scheme to use these fake applications. Over a ten-day window, more than 3 million rubles were stolen, with 76 fraudulent withdrawals recorded and the average loss per victim hovering around 67,000 rubles.

FACCT's guidance emphasizes basic digital literacy practices to reduce risk. These include not moving conversations from a marketplace's own ad chat to instant messengers, not following suspicious links from strangers via chat or email, and sticking to official apps from reputable stores or websites when making purchases.

Broadly, these schemes rely on building a believable narrative around small business operations, leveraging the trust in delivery services, and exploiting the ease of mobile payments to cause rapid losses. Those who encounter suspicious ads should verify seller identities, scrutinize App Store listings for authenticity, and consider installing security software that can detect counterfeit apps. While the threat remains present globally, the emphasis in Canada and the United States is similar: maintain vigilance with unfamiliar links, confirm app legitimacy, and use strong, unique passwords combined with two-factor authentication to safeguard financial accounts. The pattern observed underscores the importance of cautious digital behavior, especially when payment details are involved and when offers arrive through informal channels. Consumers are reminded to pause, verify, and research before engaging with any delivery-related transaction that arrives via messaging apps or social platforms.
New RuNet scam targets Russians with fake delivery apps and banking data theft
on 17.10.2025