| Category | Details |
|---|---|
| Threat Actors | Cybercriminals exploiting user trust in legitimate app names such as Telegram to distribute malware. |
| Campaign Overview | FireScam disguises itself as a "Telegram Premium" app to steal sensitive data and monitor device activity. |
| Target Regions / Victims | Android users, especially those in the Russian Federation. |
| Methodology | Phishing websites mimicking trusted app stores; social engineering to steal user data; malware disguised as a Telegram Premium app. |
| Product Targeted | Android devices, with a focus on messaging apps, financial apps, and sensitive user data. |
| Malware Reference | FireScam, an infostealer spyware targeting Android users. |
| Tools Used | Phishing websites (hosted on GitHub.io); Firebase Realtime Database for exfiltrating data; Firebase Cloud Messaging for remote control. |
| Vulnerabilities Exploited | User trust in legitimate app names; weak security measures on Android devices. |
| TTPs | Social engineering tactics; evasion techniques such as obfuscation and sandbox detection; continuous monitoring of device activity and exfiltration of sensitive data. |
| Attribution | No specific attribution, but the campaign exploits user trust and well-known app names. |
| Recommendations | Use antivirus software; regularly update software and apps; monitor app behavior and device activity for unusual actions. |
| Source | Hackread |
Read full article: https://hackread.com/firescam-infostealer-spyware-android-fake-telegram-premium/
The above summary has been generated by an AI language model