A new phishing campaign in which cybercriminals pretend to be a FedEx courier company.
CERT Orange Poland warns especially users of Android smartphones. Cybercriminals send text messages that inform them about the upcoming delivery of a package, a link is attached to the message.

Content of the message: FedEx: Your package arrives, track here: https://cssincronbucuresti[.]ro/pkg/?1mrdumbk

The URL points to a Romanian domain that has nothing to do with the FedEx courier company. After clicking the link from the Android browser, a fake courier website is displayed, suggesting that you have to download the application. The website even has instructions on how to install the rogue application.

According to CERT, by clicking on “download application”, we download the APK file with the FedEx icon. Infact, it is a a so-called banker app, i.e. software specialized in theft of authorization data for online banking systems.