If you receive this text message about the blackout, don't click: it installs a fake app that steals your banking information.
The blackout that occurred in Spain last Monday, April 28, affected millions of citizens across the Iberian Peninsula. A massive power failure left homes, businesses, hospitals, stores, and mobile phone operators without power. The operator Red Eléctrica reported that it was a "zero energy" event , that is, a total collapse of the electrical system that occurs suddenly when the grid stops supplying energy on a massive and widespread basis, paralyzing everything and affecting millions of people simultaneously. However, despite the fact that Spain has now returned to normal, cybercriminals have taken advantage of the blackout to spread a malicious app .
Cybersecurity company ESET explains that, thanks to PhisGuard, SMS messages sent to Spanish users have been detected, forcing them to access a supposed link related to information about the blackout .
The aforementioned link impersonates the Ministry of Foreign Affairs, the European Union and Cooperation . It also reports that, due to the outage, attempts by cybercriminals to exploit vulnerabilities in several online banking applications have been detected. Among the supposedly affected banks is BBVA, with a "secure" app that is actually fraudulent , given that the URL urges users not to download the app from Google Play and instead to do so through the provided link.
Although downloading apps from unofficial repositories is not recommended, the impact of last Monday's outage on Spanish society—especially those with BBVA accounts—has caused concern among users after reading the content on the website. Therefore, it's possible that more than one user will download and install the malicious app on their Android device .
What happens if the malicious app is downloaded?If you have installed the malicious app , when you open it you will see the following screen indicating that it is a supposed security verification , after which a notice is then displayed indicating that the application needs permission to access SMS .
Thanks to this permission, cybercriminals can capture the one-time codes sent by banks as a verification method when individuals attempt to perform certain transactions related to payments or money transfers. This way, according to ESET, scammers obtain BBVA online account login details and card information .
ESET recommends consulting official sources —whether government or private companies—and being wary of communications sent via SMS or social media, as they can be used to spread scams or hoaxes.
Additionally, it urges users not to install mobile applications that do not come from official app stores or trusted websites, to review the permissions granted to apps installed on their mobile devices, and to have a security solution that can detect and block threats .
Sign up for our newsletter and get the latest technology news straight to your inbox.
20minutos
