Personal Information Leakage Risk from Malicious App Installation: Essential Security Rules to Prevent Damage
Be Careful and Follow Mandatory Precautions
Recently, a phishing message impersonating a 'memorial gathering invitation' has been discovered in connection with an incident where a teacher at Seoi Elementary School in Seocho-gu, Seoul, took an extreme step, prompting users to exercise caution.
On the 2nd, AhnLab warned that phishing messages impersonating 'memorial gathering invitations' related to the Seoi Elementary School incident are being circulated. Phishing is a method of fraudulently obtaining personal or confidential information, such as passwords or credit card details, by pretending to be a trusted person or company through messengers or other means.
According to AhnLab's analysis, the attacker sent messages containing a malicious URL along with the message, "Please kindly attend so that the deceased's final journey is not lonely."
When users click the URL in the text message, they are redirected to a phishing website created by the attacker. The website includes the phrase, "We deeply mourn the teacher who passed away at a young age. We pray for the deceased's happiness in the afterlife." Additionally, a black ribbon image symbolizing mourning is displayed, cleverly disguising the site as a 'memorial gathering invitation' for the deceased teacher.
At the bottom of the page, there is an 'Open' button. When clicked, a window appears with the message, "Please press confirm to see the exact location and time~." If the user carelessly presses 'OK' at this point, a malicious app installation file (.apk) is downloaded.
Once the malicious app is installed, various personal information on the infected smartphone, such as text messages (SMS), contacts, phone numbers, and call history, can be stolen. Furthermore, the attacker can use the obtained personal information for additional crimes such as voice phishing, requiring special caution.
To prevent such damage, users should ▲ avoid clicking URLs or opening attachments in text messages from unknown sources ▲ use official app markets like Google Play when downloading apps ▲ check the permissions requested during app installation ▲ and follow essential security practices such as installing mobile antivirus software.
Kang Dong-hyun, senior researcher of the engine development team at AhnLab who analyzed this sample, said, "Attackers do not hesitate to use any topic that can lure users, including socially sensitive issues." He added, "Users must strictly follow basic security rules, such as not executing URLs in text messages from unknown sources, to prevent damage caused by phishing messages."
Meanwhile, on the 18th of last month, Mr. A, a second-year teacher in charge of the first grade at Seoi Elementary School, was found dead on school premises. Subsequently, suspicions arose that Mr. A had been harassed by malicious complaints from parents during his lifetime. As a result, voices calling for the protection of teachers' rights have been growing daily in the education sector. Currently, the Ministry of Education, together with the Seoul Metropolitan Office of Education, is verifying the exact facts surrounding Mr. A's death.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
![Clutching a Stolen Dior Bag, Saying "I Hate Being Poor but Real"... The Grotesque Con of a "Human Knockoff" [Slate]](https://cwcontent.asiae.co.kr/asiaresize/183/2026021902243444107_1771435474.jpg)
