Cybercriminals posing for central office workers attempted to attack local stores of Play mobile operator. They have called local customer service centers trying to “help” update their customer relationship management (CRM) software.

According to Zaufana Trzecia Strona, the alleged update led to the installation of malicious software. Most possibly, at least a dozen centers were infected on a daily basis, and the entire attacked lasted from July 5th, 2019. Experts from Zaufana Trzecia Strona inform that the fake page which Play store employees were redirected to looked similar to the https://konto.play.pl, however it also contained additional or modified elements.

It could be expected that cybercriminals’ activities were aimed at CRM in order to obtain Play’s customer data, manage their accounts and SIM cards in order to clear out the accounts. According to Zaufana Trzecia Strona, a group responsible for similar attacks across United States might be responsible for attacks in Poland.