Cybercriminals have launched a new phishing campaign targeting customers of the courier company InPost.
Fraudsters send text messages in which the company name InPost is displayed in the sender’s field, but the name is spelled with 0 - “INP0ST”. The message contains information that the parcel which was “ordered” by the receiver was placed in a parcel locker, however, in order to obtain the collection code, an application must be downloaded.

According to ESET experts, the link in the message leads to a page containing the  phrase “inpost” or “in-post” and visually imitating the Google Play Store. If the person decides to download the application, they are asked to install a file from the unknown source. In fact, the victim downloads malware - Cerberus banking trojan.

Cybercriminals then gain the remote control over the phone, additionally steal online banking credentials as well as payment card data, if it has been saved in any application on the phone or Google account.