The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception.
As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very popular among malicious actors who attack mobile devices. That said, we recently discovered a new banker, SoumniBot, which targets Korean users and is notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest.
Read more…
Source: Kaspersky
Related:
- Evilnum hackers return in new operation targeting migration orgs
June 28, 2022
The Evilnum hacking group is showing renewed signs of malicious activity, targeting European organizations that are involved in international migration. Evilnum is an APT (advanced persistent threat) that has been active since at least 2018 and had its campaign and tools exposed only recently, in 2020. At that time, ESET published a technical report describing the threat ...
- Europol: Phishing gang behind several million euros worth of losses busted in Belgium and the Netherlands
June 21, 2022
A cross-border operation, supported by Europol and involving the Belgian Police (Police Fédérale/Federale Politie) and the Dutch Police (Politie), resulted in the dismantling of an organised crime group involved in phishing, fraud, scams and money laundering. The action day on 21 June 2022 led to: 9 arrests in the Netherlands 24 house searches in the NetherlandsSeizures including firearms, ...
- 1.5 million customers impacted by Flagstar Bank data breach
June 21, 2022
Flagstar Bank has disclosed a security incident that led to the exposure of personal data belonging to up to 1.5 million customers. As reported by Bleeping Computer, the data breach occurred between December 3 and December 4, 2021. The US financial organization is headquartered in Michigan and operates over 150 branches in areas including Indiana, California, Wisconsin, ...
- Android-wiping BRATA malware is evolving into a persistent threat
June 19, 2022
The threat actor behind BRATA banking trojan has evolved their tactics and improved the malware with information-stealing capabilities. Italian mobile security company Cleafy has been tracking BRATA activity and noticed in the most recent campaigns changes that lead to longer persistence on the device. “The modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern,” ...
- GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool
June 13, 2022
Over the past year, this group has extended its targeting beyond telecommunication companies to also include financial institutions and government entities. During this period, we have identified several connections between GALLIUM infrastructure and targeted entities across Afghanistan, Australia, Belgium, Cambodia, Malaysia, Mozambique, the Philippines, Russia and Vietnam. Most importantly, we have also identified the group’s ...
- Exposing POLONIUM activity and infrastructure targeting Israeli organizations
June 2, 2022
Microsoft successfully detected and disabled attack activity abusing OneDrive by a previously undocumented Lebanon-based activity group Microsoft Threat Intelligence Center (MSTIC) tracks as POLONIUM. The associated indicators and tactics were used by the OneDrive team to improve detection of attack activity and disable offending actor accounts. To further address this abuse, Microsoft has suspended more ...