An Android RAT targets Telegram Users

June 28, 2024, 2:57 p.m.

Description

This analysis discusses SpyMax, a Remote Access Trojan (RAT) that targets Android devices and is aimed specifically at the data of Telegram users. It relies on phishing to trick victims into installing a malicious application disguised as the legitimate Telegram app. Once installed, SpyMax obtains extensive permissions, collects sensitive information such as keystrokes and location data, and transmits it to a remote command-and-control server. The malware also receives commands and additional payloads from that server, giving the operator remote control of the compromised device. The report outlines the technical details of SpyMax's operation, including its obfuscation methods, its data exfiltration process, and its communication with the command-and-control infrastructure.

Date

Published: June 28, 2024, 2:49 p.m.

Created: June 28, 2024, 2:49 p.m.

Modified: June 28, 2024, 2:57 p.m.

Indicators

https://telegroms.icu/assets/download/ready.apk

http://154.213.65.28:7771

Attack Patterns

SpyMax

T1010

T1064

T1012

T1087

T1016

T1057

T1083

T1071

T1033

T1059