Remote Access Software Used in New Banking Scam Schemes

Scammers Steal Money Using Remote Access Software

Experts from Doctor Web have warned about a rise in scams involving remote desktop access software. The most popular tool among cybercriminals is RustDesk.

Analysts link the increased scam activity to recent leaks of database fragments from several banks, which gave criminals access to users’ personal data. Scammers use this information to gain the trust of their victims. Posing as bank support staff, they claim that suspicious activity has been detected on the victim’s account, which could lead to loss of funds. To prevent the alleged theft, they instruct the victim to install a “protective” program on their device.

Victims are told to go to an app store and search for terms like “Sberbank support,” “VTB support,” and similar queries. Until recently, search results for these phrases in Google Play often showed apps such as AweSun Remote Desktop, RustDesk Remote Desktop, and AnyDesk Remote Desktop at the top.

Researchers explain that Google Play’s app ranking system takes into account which apps users select after entering specific search queries. The more people who search for “support [bank name]” and mistakenly tap a remote administration app, the more often Google Play recommends that app to others.

It’s important to note that remote access software itself is not malicious. Problems arise when these programs are used for illegal activities.

After the app is installed, scammers ask the victim to provide a unique identifier, then take full control of the device. This access allows them to make payments and transfers from the victim’s account. In such cases, it is impossible to prove a hack or reverse the payment, since from the bank’s perspective the transaction is being made from the client’s own device.

Currently, Google has removed RustDesk from Google Play. As a result, scammers have moved their operations outside the app store. Now, they use websites (for example, hxxps://помощникбанков[.]рф) to carry out their remote access scams.

On these sites, potential victims are prompted to download the familiar RustDesk app. In some cases, the downloaded apps have modified names and icons to make them look like official bank applications.

Doctor Web identifies the RustDesk app as Tool.RustDesk.1.origin, while the modified versions are detected as Android.FakeApp.1426.

How to Protect Yourself

  • Be cautious when receiving calls from banks or other organizations.
  • Never install applications on your device at someone else’s request.
  • Never share SMS or push notification codes with anyone.
