An Android RAT targets Telegram Users
June 28, 2024, 2:57 p.m.
Description
This analysis discusses SpyMax, a Remote Access Trojan (RAT) that targets Android devices and specifically aims at obtaining data from Telegram users. It employs phishing techniques to trick victims into installing a malicious application disguised as the legitimate Telegram app. Once installed, SpyMax gains extensive permissions, gathers sensitive information like keystrokes and location data, and transmits it to a remote command-and-control server. The malware also receives commands and additional payloads from the server, enabling remote control of the compromised device. The report outlines the technical details of SpyMax's operations, including its obfuscation methods, data exfiltration process, and communication with the command-and-control infrastructure.
Date
- Created: June 28, 2024, 2:49 p.m.
- Published: June 28, 2024, 2:49 p.m.
- Modified: June 28, 2024, 2:57 p.m.
Indicators
- 154.213.65.28
- https://telegroms.icu/assets/download/ready.apk
- http://154.213.65.28:7771
- telegroms.icu
Attack Patterns
- SpyMax
- T1010
- T1064
- T1012
- T1087
- T1016
- T1057
- T1083
- T1071
- T1033
- T1059