Attribute | Details |
---|---|
Threat Actors | Not attributed to a specific group; possibly financially motivated adversaries |
Campaign Overview | Mobile phishing campaign distributing an updated version of the Antidot banking trojan (AppLite Banker) |
Target Regions | Users proficient in English, Spanish, French, German, Italian, Portuguese, and Russian |
Methodology | Social engineering via job offers, malicious Android apps masquerading as legitimate CRM apps |
Product Targeted | Android devices; victims using 172 bank accounts, cryptocurrency wallets, and social media |
Malware Reference | Antidot banking trojan (AppLite Banker), SpyNote trojan |
Tools Used | ZIP file manipulation, phishing pages, Accessibility Services permissions exploitation |
Vulnerabilities | Abuse of Android permissions, including Accessibility Services |
TTPs | Keylogging, VNC for remote control, SMS theft, call forwarding, credential theft via overlays |
Attribution | Zimperium zLabs, Cyfirma |
Recommendations | Implement proactive protection, avoid external app installations, review SMS and call activities |
Source | The Hacker News |
Read full article: https://thehackernews.com/2024/12/fake-recruiters-distribute-banking.html
Disclaimer: The above summary has been generated by an AI language model