| Category | Details |
|---|---|
| Threat Actors | Unknown (operators behind the phishing site) |
| Campaign Overview | The Android malware FireScam masquerades as Telegram Premium to steal data and maintain remote control over compromised devices. |
| Target Regions (or Victims) | Users in Russia, targeted through a phishing website mimicking RuStore. |
| Methodology | Multi-stage infection: a dropper APK installs FireScam, which exfiltrates data and maintains persistent remote control. |
| Product Targeted | Fake Telegram Premium app |
| Malware Reference | FireScam Android malware |
| Tools Used | Dropper APK ("GetAppsRu.apk"), Firebase Realtime Database, WebView for phishing, WebSocket for C2 communication. |
| Vulnerabilities Exploited | Phishing distribution via a fake RuStore app store; abuse of app permissions to block legitimate updates. |
| TTPs | Uses obfuscation and anti-analysis techniques; exfiltrates data; monitors notifications, e-commerce transactions, the clipboard, and user activity. |
| Attribution | Unknown, but associated with Russian tech (RuStore) and a phishing campaign. |
| Recommendations | Be cautious of unofficial app stores and phishing sites, avoid granting unnecessary permissions to apps, and verify app authenticity. |
| Source | The Hacker News |
Read full article: https://thehackernews.com/2025/01/firescam-android-malware-poses-as.html
The above summary has been generated by an AI language model