According to security researchers at CloudSEK, customers at KFC and McDonalds in Saudi Arabia, the UAE, and Singapore were targeted by phishing campaigns that successfully stole payment details. The security researchers found that the phishing campaigns impersonated the Google Play store to exhibit malicious browser-based applications for Chrome. The individuals compromised downloaded the malicious applications.
Security researchers explained how, after installation, a desktop shortcut for the same application was created on the users’ desktops. The researchers also discovered a second website that was formed around KFC-based phishing attempts. The site is sophisticated, security researchers say, and elaborately designed to steal credit card details. When the victim attempts to place an order, their information is harvested. Google Play customers should be wary of these hacking attempts.