Press ESC to close

Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam

Attribute Details
Threat Actors Not attributed to a specific group; possibly financially motivated adversaries
Campaign Overview Mobile phishing campaign distributing an updated version of the Antidot banking trojan (AppLite Banker)
Target Regions Users proficient in English, Spanish, French, German, Italian, Portuguese, and Russian
Methodology Social engineering via job offers, malicious Android apps masquerading as legitimate CRM apps
Product Targeted Android devices; victims using 172 bank accounts, cryptocurrency wallets, and social media
Malware Reference Antidot banking trojan (AppLite Banker), SpyNote trojan
Tools Used ZIP file manipulation, phishing pages, Accessibility Services permissions exploitation
Vulnerabilities Abuse of Android permissions, including Accessibility Services
TTPs Keylogging, VNC for remote control, SMS theft, call forwarding, credential theft via overlays
Attribution Zimperium zLabs, Cyfirma
Recommendations Implement proactive protection, avoid external app installations, review SMS and call activities
Source  The Hacker News

Read full article: https://thehackernews.com/2024/12/fake-recruiters-distribute-banking.html

Disclaimer: The above summary has been generated by an AI language model

Leave a Reply

Your email address will not be published. Required fields are marked *