When it comes to theft, cybercriminals usually use malware: ransomware, banking Trojans, viruses, and other such means. But sometimes, a good story and some perfectly legal software may be enough for them to accomplish their goals. For example, some crooks have been using AirDroid \u2014 a powerful app for remote smartphone management \u2014 to steal money from freelancers.<\/p>\n
The scheme is simple. Criminals start by finding a potential victim on a website where employers look for freelancers and freelancers look for work. A crook claims to be an employer in search of a specialist for a simple project. Usually, they advertise for testers, designers, or copywriters, but the approach can be used to fool other types of freelancers as well.<\/p>\n
Once they\u2019re in contact, the criminal asks the freelancer to install an app needed for the job \u2014 to write a review, draw an icon, or test new features, for example. The majority of cases we are aware of involved AirDroid<\/a>, a legitimate app for remote management of mobile devices. <\/p>\n The link leads to the official Google Play store \u2014 and so even a suspicious freelancer would not see signs of phishing or any other kind of cheating. Once the app is installed, the criminal sends login and password credentials for a test account. It\u2019s not uncommon for clients to share data with freelancers, so everything still looks OK. The victim logs in with the provided credentials, and boom, the criminal has full control over the freelancer\u2019s device.<\/p>\n 7 bad tricks used to trick people online https:\/\/t.co\/s0VOvwkQju<\/a> #scams<\/a> #onlineshopping<\/a> pic.twitter.com\/T0OgdkFZoD<\/a><\/p>\n \u2014 Kaspersky (@kaspersky) February 16, 2016<\/a><\/p><\/blockquote>\n\n