top of page
  • Admin

FakeSpy Data-Stealing App Returns, Now Using U.S.P.S. As Cover

Published: January 29, 2023 on our newsletter Security Fraud News & Alerts Newsletter.

According to a report by Cybereason, postal services around the globe are now being targeted by an Android malware that’s back with a vengeance. FakeSpy is believed to be the spawn of a Chinese hacking group known as Roaming Mantis. This data stealing app first seen in 2017, has made a new and much improved debut. Originally targeting only postal services in South Korea and Japan, the vastly upgraded malware app now targets those services worldwide, including the U.S. Postal Service (U.S.P.S.).

SMS text phishing (smishing) is how the malware gets its foothold, but how it ends up can be devastating for those caught in FakeSpy’s data-stealing web.

FakeSpy starts by sending an “official postal service” text message to the user about a package the recipient has waiting for delivery. That smishing text includes a malicious link claiming to be the first step to resolving the issue. Following the link leads to downloading a fake Android “official” postal service app. Those who take the bait unwittingly install the FakeSpy app, unleashing data stealing abilities.

Downloading the malicious app leads to a device and all its contents being hijacked. The minimum data that FakeSpy steals is the user’s entire contact list, which they use to immediately expand further attacks. Other FakeSpy data theft includes reading and sending text messages from a hacked device, contact information, infiltrating banking and cryptocurrency accounts including login information and passwords for those accounts.

At the moment, FakeSpy’s biggest foe is a cyber-smart user who spots phishing red flags before they act on any message, be it text, email, or phone.

No Phishing Allowed

  • Avoiding messages with attachments and URL links in the text. Attachments are loaded with malware, and a fake URL redirects a user to a bogus website designed to steal data.

  • A sense of urgency where the message content requires quick action from the recipient. With FakeSpy, the content is about a failed package delivery needing more details in order to resend it. That isn’t usually worthy of an urgent response. Take a minute to consider the message.

  • Bad grammar and misspellings. The slightest typo or bad grammar should set off phishing alarm bells and red flags.

  • Any type of message that remotely looks or smells phishy for any reason is best deleted. However, the USPS welcomes users to forward the fake text message to them first before deleting it.

The U.S.P.S. reminds customers the only reason they would receive a text or email from them about a failed delivery is if the customer has signed up for them in the “informed delivery” service on the official U.S.P.S. website. Even so, don’t click links or attachments. Instead, log into the “informed delivery” account and take a look for any information on a missed delivery there.

Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at

bottom of page