The creators of widespread malware programs often employ various tools that hinder code detection and analysis, and Android malware is no exception.
As an example of this, droppers, such as Badpack and Hqwar, designed for stealthily delivering Trojan bankers or spyware to smartphones, are very popular among malicious actors who attack mobile devices. That said, we recently discovered a new banker, SoumniBot, which targets Korean users and is notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest.
Read more…
Source: Kaspersky
Related:
- Lazarus Trojanized DeFi app for delivering malware
March 31, 2022
For the Lazarus threat actor, financial gain is one of the prime motivations, with a particular emphasis on the cryptocurrency business. As the price of cryptocurrency surges, and the popularity of non-fungible token (NFT) and decentralized finance (DeFi) businesses continues to swell, the Lazarus group’s targeting of the financial industry keeps evolving. We recently discovered a ...
- Exotic Lily: Exposing initial access broker with ties to Conti
March 18, 2022
In early September 2021, Threat Analysis Group (TAG) observed a financially motivated threat actor we refer to as EXOTIC LILY, exploiting a 0day in Microsoft MSHTML (CVE-2021-40444). Investigating this group’s activity, we determined they are an Initial Access Broker (IAB) who appear to be working with the Russian cyber crime gang known as FIN12 (Mandiant, ...
- BNP Paribas bars Russia-based staff from computer systems as cyber attack fears grow
March 10, 2022
France’s largest bank BNP Paribas has cut off its Russia-based workforce from its internal computer systems as it seeks to bolster its defences against any potential cyber attack, a source with direct knowledge of the matter told Reuters. The French lender, believed to be the first major bank to have jettisoned staff in Moscow from its ...
- SharkBot malware hides as Android antivirus in Google Play
March 5, 2022
SharkBot banking malware has infiltrated the Google Play Store, the official Android app repository, posing as an antivirus with system cleaning capabilities. Although the trojan app was far from popular, its presence in Play Store shows that malware distributors can still bypass Google’s automatic defenses. The app is still present in Google’s store at the moment ...
- TeaBot Android Banking Trojan continues its global conquest with new upgrades
March 2, 2022
The TeaBot Remote Access Trojan (RAT) has been upgraded, leading to a huge increase in both targets and spread worldwide. On March 1, the Cleafy research team said TeaBot now targets over 400 applications, pivoting from an earlier focus on “smishing” to more advanced tactics. Smishing attacks are used to compromise mobile handsets via spam text messages ...
- Financial cyberthreats in 2021
February 23, 2022
The year 2021 was eventful in terms of digital threats for organizations and individuals, and financial institutions were no exception. Throughout the past year, we have seen cybercriminals continue to actively target our users with tools and techniques that emerged due to the pandemic. Imperfections in the transition to remote/hybrid work continue to pose a ...