Android app breaking bad: From legitimate screen recording to file exfiltration within a year | WeLiveSecurity - 2023
#AhRAT #RAT
The application's specific malicious behavior, which involves extracting microphone recordings and stealing files with specific extensions, potentially indicates its involvement in an espionage campaign.
ESET research uncovers AhRat, a new Android RAT based on AhMyth that steals files and records audio and was distributed via an app in the Google Play Store.
Forwarded from Pegasus NSO & other spyware
Securonix Threat Labs Security Advisory: New MULTI#STORM Attack Campaign Involving Python-based Loader Masquerading as OneDrive Utilities Dropping Multiple RAT Payloads Using Security Analytics - Securonix - June 2023
#RAT #MultiStorm #Trojan #JS #Python #malware #India #US
An interesting phishing campaign was recently analyzed by the Securonix Threat Research Team. The attack kicks off when the user clicks on a heavily obfuscated JavaScript file contained in a password-protected zip file. Some of the victims targeted by the MULTI#STORM campaign appear to be in the US and India.
The attack chain ends with the victim machine infected with multiple unique RAT (remote access trojan) malware instances, such as Warzone RAT and Quasar RAT. Both are used for command and control during different stages of the infection chain.
Forwarded from Pegasus NSO & other spyware
Untangling Android/TangleBot. We dig in a malicious sample of… | Cryptax
Via @androidmalware
#Android #RAT #TangleBot #BankBot
We dig in a malicious sample of Android/TangleBot of May 2024. TangleBot is also reported as a BankBot, although it is more an Android RAT currently than a banking trojan. It is also known as Medusa, but I prefer not to use this name, as this confuses the Android malware with a Windows ransomware, or with the non-malicious and useful hacking tool Medusa.
An excellent analysis of TangleBot is available here. I invite you to read it to understand the history of TangleBot, how much the new versions have changed, who they target and what they do.
In this blog post, I will focus on something different: how to analyze the sample, and how it is implemented.