The pre-holiday period is associated with increased shopping, which has been used by cybercriminals. CERT Poland warns against fraudsters pretending to be the InPost shipping company.

Scammers send text messages prompting users to download an app from a fake InPost website. The link included with the message leads to a fraudulent Google Play Store website.

In fact, the victim downloads Cerberus malware, which enables them to steal funds from payment cards and take complete control of the device.

According to CERT Poland, the malicious domain in the received text message is inposted[.].com. Meanwhile, the sender of the message is “ACM”.

If you have received a suspicious SMS, it is worth reporting it via the website incydent.cert.pl, thanks to which CERT Poland can create a list of domains that you need to watch out for.