Fake Android and iOS apps steal SMS and contacts in South Korea

McAfee Mobile Research discovered an active phishing campaign targeting South Korea that distributes Android and iOS information-stealers disguised as legitimate apps (e.g., social, photo storage, fitness). Attackers engage victims via SMS and LINE, lure them to phishing sites that serve sideloaded APK/IPA files (bypassing official app stores), and steal sensitive data including phone numbers, contacts, and SMS messages; the report includes multiple phishing URLs, C2 domains, and SHA256 hashes for malicious binaries.