Found 88 bookmarks
Custom sorting
Inside FireScam : An Information Stealer with Spyware Capabilities
Inside FireScam : An Information Stealer with Spyware Capabilities
  • FireScam is an information stealing malware with spyware capabilities. It is distributed as a fake ‘Telegram Premium’ APK via a phishing website hosted on the GitHub.io domain, mimicking the RuStore app store. The phishing website delivers a dropper that installs the FireScam malware disguised as the Telegram Premium application. The malware exfiltrates sensitive data, including notifications, messages, and other app data, to a Firebase Realtime Database endpoint. FireScam monitors device activities such as screen state changes, e-commerce transactions, clipboard activity, and user engagement to gather valuable information covertly. Captures notifications across various apps, including system apps, to potentially steal sensitive information and track user activities. It employs obfuscation techniques to hide its intent and evade detection by security tools and researchers. FireScam performs checks to identify if it is running in an analysis or virtualized environment. The malware leverages Firebase for command-and-control communication, data storage, and to deliver additional malicious payloads. Exfiltrated data is temporarily stored in the Firebase Realtime Database, filtered for valuable content, and later removed. The Firebase database reveals potential Telegram IDs linked to the threat actors and contains URLs to other malware specimens hosted on the phishing site. By exploiting the popularity of messaging apps and other widely used applications, FireScam poses a significant threat to individuals and organizations worldwide.
#cyfirma#EN#2025#FireScam#Telegram#Premium#analysis#fake#apk#android#malware
·cyfirma.com·
Inside FireScam : An Information Stealer with Spyware Capabilities
Unidentified Threat Actor Utilizes Android Malware to Target High-Value Assets in South Asia
Unidentified Threat Actor Utilizes Android Malware to Target High-Value Assets in South Asia
The team at CYFIRMA analyzed a malicious Android sample designed to target high-value assets in Southern Asia. This sample, attributed to an unknown threat actor, was generated using the Spynote Remote Administration Tool. While the specifics of the targeted asset remain confidential, it is likely that such a target would attract the interest of APT groups. However, we are restricted from disclosing further details about the actual target and its specific region. For a comprehensive analysis, please refer to the detailed report
#cyfirma#EN#2024#Unidentified#Threat#Actor#Malware#research#Android#Spynote#Remote#Administration#Tool
·cyfirma.com·
Unidentified Threat Actor Utilizes Android Malware to Target High-Value Assets in South Asia
Trump shooter used Android phone from Samsung; cracked by Cellebrite in 40 minutes - 9to5Mac
Trump shooter used Android phone from Samsung; cracked by Cellebrite in 40 minutes - 9to5Mac
Earlier this week, the FBI announced that it had accessed the locked phone of Thomas Matthew Crooks, the man who opened fire at a Trump rally last Saturday. A new report from Bloomberg today reveals more details about this process and the phone used by Crooks. After Saturday’s Trump rally shooting, the FBI said on Sunday that it had been unsuccessful in unlocking Crooks’ phone. The phone was then sent to the FBI lab in Quanitco, Virginia, and on Tuesday the bureau confirmed that it had successfully unlocked the phone in question.
#9to5mac#EN#2024#Android#Cellebrite#Samsung#cracked
·9to5mac.com·
Trump shooter used Android phone from Samsung; cracked by Cellebrite in 40 minutes - 9to5Mac
Rafel RAT, Android Malware from Espionage to Ransomware Operations
Rafel RAT, Android Malware from Espionage to Ransomware Operations
Android, Google’s most popular mobile operating system, powers billions of smartphones and tablets globally. Known for its open-source nature and flexibility, Android offers users a wide array of features, customization options, and access to a vast ecosystem of applications through the Google Play Store and other sources. However, with its widespread adoption and open environment comes the risk of malicious activity. Android malware, a malicious software designed to target Android devices, poses a significant threat to users’ privacy, security, and data integrity. These malicious programs come in various forms, including viruses, Trojans, ransomware, spyware, and adware, and they can infiltrate devices through multiple vectors, such as app downloads, malicious websites, phishing attacks, and even system vulnerabilities.
#checkpoint#EN#2024#Rafel#RAT#Android#Malware#Ransomware#Operations
·research.checkpoint.com·
Rafel RAT, Android Malware from Espionage to Ransomware Operations
Flubot: the evolution of a notorious Android Banking Malware
Flubot: the evolution of a notorious Android Banking Malware
Flubot is an Android based malware that has been distributed in the past 1.5 years in Europe, Asia and Oceania affecting thousands of devices of mostly unsuspecting victims. Like the majority of Android banking malware, Flubot abuses Accessibility Permissions and Services in order to steal the victim’s credentials, by detecting when the official banking application is open to show a fake web injection, a phishing website similar to the login form of the banking application. An important part of the popularity of Flubot is due to the distribution strategy used in its campaigns, since it has been using the infected devices to send text messages, luring new victims into installing the malware from a fake website. In this article we detail its development over time and recent developments regarding its disappearance, including new features and distribution campaigns.
#foxit#EN#2022#Flubot#Android#Banking#Malware#evolution#research
·blog.fox-it.com·
Flubot: the evolution of a notorious Android Banking Malware
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Microsoft discovered a vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s internal data storage directory, which could lead to arbitrary code execution and token theft, among other impacts. We have shared our findings with Google’s Android Application Security Research team, as well as the developers of apps found vulnerable to this issue. We anticipate that the vulnerability pattern could be found in other applications. We’re sharing this research more broadly so developers and publishers can check their apps for similar issues, fix as appropriate, and prevent them from being introduced into new apps or releases.
#microsoft#EN#2024#Android#vulnerable#application#share#Dirty-stream
·microsoft.com·
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Chinese Keyboard App Vulnerabilities Explained
Chinese Keyboard App Vulnerabilities Explained
We analyzed third-party keyboard apps Tencent QQ, Baidu, and iFlytek, on the Android, iOS, and Windows platforms. Along with Tencent Sogou, they comprise over 95% of the market share for third-party keyboard apps in China. This is an FAQ for the full report titled "The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers."
#citizenlab#EN#2024#Chinese#Keyboard#App#Vulnerabilities#Tencent#Baidu#Android#iOS
·citizenlab.ca·
Chinese Keyboard App Vulnerabilities Explained
Flubot: the evolution of a notorious Android Banking Malware
Flubot: the evolution of a notorious Android Banking Malware
Flubot is an Android based malware that has been distributed in the past 1.5 years in Europe, Asia and Oceania affecting thousands of devices of mostly unsuspecting victims. Like the majority of Android banking malware, Flubot abuses Accessibility Permissions and Services in order to steal the victim’s credentials, by detecting when the official banking application is open to show a fake web injection, a phishing website similar to the login form of the banking application. An important part of the popularity of Flubot is due to the distribution strategy used in its campaigns, since it has been using the infected devices to send text messages, luring new victims into installing the malware from a fake website. In this article we detail its development over time and recent developments regarding its disappearance, including new features and distribution campaigns.
#foxit#EN#2022#Flubot#Android#Banking#Malware#evolution#research
·blog.fox-it.com·
Flubot: the evolution of a notorious Android Banking Malware
Flubot: the evolution of a notorious Android Banking Malware
Flubot: the evolution of a notorious Android Banking Malware
Flubot is an Android based malware that has been distributed in the past 1.5 years in Europe, Asia and Oceania affecting thousands of devices of mostly unsuspecting victims. Like the majority of Android banking malware, Flubot abuses Accessibility Permissions and Services in order to steal the victim’s credentials, by detecting when the official banking application is open to show a fake web injection, a phishing website similar to the login form of the banking application. An important part of the popularity of Flubot is due to the distribution strategy used in its campaigns, since it has been using the infected devices to send text messages, luring new victims into installing the malware from a fake website. In this article we detail its development over time and recent developments regarding its disappearance, including new features and distribution campaigns.
#foxit#EN#2022#Flubot#Android#Banking#Malware#evolution#research
·blog.fox-it.com·
Flubot: the evolution of a notorious Android Banking Malware
Flubot: the evolution of a notorious Android Banking Malware
Flubot: the evolution of a notorious Android Banking Malware
Flubot is an Android based malware that has been distributed in the past 1.5 years in Europe, Asia and Oceania affecting thousands of devices of mostly unsuspecting victims. Like the majority of Android banking malware, Flubot abuses Accessibility Permissions and Services in order to steal the victim’s credentials, by detecting when the official banking application is open to show a fake web injection, a phishing website similar to the login form of the banking application. An important part of the popularity of Flubot is due to the distribution strategy used in its campaigns, since it has been using the infected devices to send text messages, luring new victims into installing the malware from a fake website. In this article we detail its development over time and recent developments regarding its disappearance, including new features and distribution campaigns.
#foxit#EN#2022#Flubot#Android#Banking#Malware#evolution#research
·blog.fox-it.com·
Flubot: the evolution of a notorious Android Banking Malware
Bigpanzi Exposed: The Hidden Cyber Threat Behind Your Set-Top Box
Bigpanzi Exposed: The Hidden Cyber Threat Behind Your Set-Top Box
Some time ago, we intercepted a dubious ELF sample exhibiting zero detection on VirusTotal. This sample, named pandoraspear and employing a modified UPX shell, has an MD5 signature of 9a1a6d484297a4e5d6249253f216ed69. Our analysis revealed that it hardcoded nine C2 domain names, two of which had lapsed beyond their expiration protection period. We seized this opportunity to register these domains to gauge the botnet's scale. At its peak, we noted approximately 170,000 daily active bots, predominantly in Brazil.employing a modified UPX shell, has an MD5 signature of 9a1a6d484297a4e5d6249253f216ed69. Our analysis revealed that it hardcoded nine C2 domain names, two of which had lapsed beyond their expiration protection
#xlab.qianxin.com#EN#2024#Hidden#Cyber#Threat#Android#TV#Set-Top#Box
·blog.xlab.qianxin.com·
Bigpanzi Exposed: The Hidden Cyber Threat Behind Your Set-Top Box
Flubot: the evolution of a notorious Android Banking Malware
Flubot: the evolution of a notorious Android Banking Malware
Flubot is an Android based malware that has been distributed in the past 1.5 years in Europe, Asia and Oceania affecting thousands of devices of mostly unsuspecting victims. Like the majority of Android banking malware, Flubot abuses Accessibility Permissions and Services in order to steal the victim’s credentials, by detecting when the official banking application is open to show a fake web injection, a phishing website similar to the login form of the banking application. An important part of the popularity of Flubot is due to the distribution strategy used in its campaigns, since it has been using the infected devices to send text messages, luring new victims into installing the malware from a fake website. In this article we detail its development over time and recent developments regarding its disappearance, including new features and distribution campaigns.
#foxit#EN#2022#Flubot#Android#Banking#Malware#evolution#research
·blog.fox-it.com·
Flubot: the evolution of a notorious Android Banking Malware
Flubot: the evolution of a notorious Android Banking Malware
Flubot: the evolution of a notorious Android Banking Malware
Flubot is an Android based malware that has been distributed in the past 1.5 years in Europe, Asia and Oceania affecting thousands of devices of mostly unsuspecting victims. Like the majority of Android banking malware, Flubot abuses Accessibility Permissions and Services in order to steal the victim’s credentials, by detecting when the official banking application is open to show a fake web injection, a phishing website similar to the login form of the banking application. An important part of the popularity of Flubot is due to the distribution strategy used in its campaigns, since it has been using the infected devices to send text messages, luring new victims into installing the malware from a fake website. In this article we detail its development over time and recent developments regarding its disappearance, including new features and distribution campaigns.
#foxit#EN#2022#Flubot#Android#Banking#Malware#evolution#research
·blog.fox-it.com·
Flubot: the evolution of a notorious Android Banking Malware