A closer look at the Tria stealer campaign
Jan. 30, 2025, 4:03 p.m.
Description
A malicious Android campaign named Tria Stealer has been targeting users in Malaysia and Brunei since mid-2024. The campaign uses wedding invitation lures to trick victims into installing a malicious app that collects SMS data, tracks call logs, and steals messages from apps like WhatsApp and emails from Gmail and Outlook. The stolen data is exfiltrated to Telegram bots. The threat actor uses this information to hijack personal messaging accounts, impersonate victims to request money transfers, and compromise other online accounts. The campaign is likely operated by an Indonesian-speaking threat actor and remains active, with the malware evolving to target more personal communications data.
Date
- Created: Jan. 30, 2025, 3:51 p.m.
- Published: Jan. 30, 2025, 3:51 p.m.
- Modified: Jan. 30, 2025, 4:03 p.m.
Indicators
- c7721857e90a5c0f97c0b62c7fe06b19d1bde18a08e57127785687b5aa7c65da
- 63c971652d9313665df835836d1d36e602b7dbfef4ed21083f1adf8e4dceac74
- 43789dee64640abe2d08cb89e99b39b58bb297d8e1cea9bdc0a2aedbf7c7a46e
Attack Patterns
- Tria Stealer
Additional Information
- Brunei Darussalam
- Malaysia