Asia’s SMS stealers: 1,000 bots and one study


Attackers have increasingly started using Telegram as a control server (C2). One example is the Lazy Koala group, which Positive Technologies researchers recently discovered and set out to study.

While researching bots on Telegram, Positive Technologies team found that many are from Indonesia. The researchers were struck by the huge numbers of messages and victims, and how new bots and chats seem to appear on Telegram by the day, so they decided to get to the bottom of this “Indonesian tsunami.” In doing so, Positive Technologies found a couple chat-related SMS stealers from Indonesia. The researchers named them SMS Webpro and NotifySmsStealer because of the string stealers in the body. Sporadic attacks against Bangladesh and India were also detected.

Read more…
Source: Positive Technologies


Sign up for our Newsletter


Related:

  • Kuwait’s finance ministry says cyberattack hit one of its systems

    September 18, 2023

    Kuwait’s finance ministry said on Monday that one of its systems had suffered a cyberattack in the early morning but that the ministry continued to work normally. The ministry said in a statement that protection systems and procedures had been activated and “the level of the hacking attempt is being assessed.” Read more… Source:  Alarabiya News  

  • China becomes main victim of advanced persistent threat attacks: Ministry of State Security

    September 16, 2023

    According to the Ministry of State Security on Saturday which is the 23rd National Defense Education Day, China has become the main victim of advanced persistent threat (APT) attacks, adding that cyberspace has become an important battleground for foreign intelligence agencies to conduct cyber espionage against China, Xinhua Daily Telegraph reported. The national security departments of ...

  • Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets

    September 14, 2023

    Since February 2023, Microsoft has observed password spray activity against thousands of organizations carried out by an actor we track as (HOLMIUM). Peach Sandstorm is an Iranian nation-state threat actor who has recently pursued organizations in the satellite, defense, and pharmaceutical sectors around the globe. Based upon the profile of victim organizations targeted and the observed ...

  • A peek into APT36’s updated arsenal

    September 12, 2023

    In July 2023, Zscaler ThreatLabz discovered new malicious activity perpetuated by the Pakistan-based advanced persistent threat group (APT36). APT36 is a sophisticated cyber threat group with a history of conducting targeted espionage operations in South Asia. Zscaler ThreatLabz observed APT36 targeting Indian government sectors using a previously undocumented Windows RAT, new cyber espionage utilities for ...

  • Redfly: Espionage Actors Continue to Target Critical Infrastructure

    September 12, 2023

    Espionage actors are continuing to mount attacks on critical national infrastructure (CNI) targets, a trend that has become a source of concern for governments and CNI organizations worldwide. Symantec’s Threat Hunter Team has found evidence that a threat actor group Symantec calls Redfly used the ShadowPad Trojan to compromise a national grid in an Asian ...

  • CISA, FBI, and CNMF Release Advisory on Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475

    September 7, 2023

    Today, CISA, Federal Bureau of Investigation (FBI), and U.S. Cyber Command’s Cyber National Mission Force (CNMF) published a joint Cybersecurity Advisory (CSA), Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475. This CSA provides information on an incident at an Aeronautical Sector organization, with malicious activity occurring as early as January 2023. CISA, FBI, and CNMF confirmed ...