
FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices

 
| Category | Details |
| --- | --- |
| Threat Actors | Unknown (operators behind phishing site) |
| Campaign Overview | Android malware FireScam masquerades as Telegram Premium to steal data and maintain remote control over compromised devices. |
| Target Regions (or Victims) | Users in Russia, targeted through a phishing website mimicking RuStore. |
| Methodology | Multi-stage infection: a dropper APK installs FireScam, which exfiltrates data and maintains persistent remote control. |
| Product Targeted | Fake Telegram Premium app |
| Malware Reference | FireScam Android malware |
| Tools Used | Dropper APK (“GetAppsRu.apk”), Firebase Realtime Database, WebView for phishing, WebSocket for C2 communication. |
| Vulnerabilities Exploited | Phishing distribution via a fake RuStore app store; app permissions used to prevent legitimate updates. |
| TTPs | Uses obfuscation and anti-analysis techniques; exfiltrates data; monitors notifications, e-commerce transactions, clipboard, and user activity. |
| Attribution | Unknown, but associated with Russian tech (RuStore) and a phishing campaign. |
| Recommendations | Be cautious of unofficial app stores and phishing sites, avoid granting unnecessary permissions to apps, and verify app authenticity. |
| Source | The Hacker News |

Read full article: https://thehackernews.com/2025/01/firescam-android-malware-poses-as.html

The above summary has been generated by an AI language model


Source: The Hacker News

Published on: January 7, 2025
