An Android RAT targets Telegram Users
June 28, 2024, 2:57 p.m.
Description
This analysis discusses SpyMax, a Remote Access Trojan (RAT) that targets Android devices and specifically aims at obtaining data from Telegram users. It employs phishing techniques to trick victims into installing a malicious application disguised as the legitimate Telegram app. Once installed, SpyMax gains extensive permissions, gathers sensitive information like keystrokes and location data, and transmits it to a remote command-and-control server. The malware also receives commands and additional payloads from the server, enabling remote control of the compromised device. The report outlines the technical details of SpyMax's operations, including its obfuscation methods, data exfiltration process, and communication with the command-and-control infrastructure.
Date
Published: June 28, 2024, 2:49 p.m.
Created: June 28, 2024, 2:49 p.m.
Modified: June 28, 2024, 2:57 p.m.
Indicators
154.213.65.28
https://telegroms.icu/assets/download/ready.apk
http://154.213.65.28:7771
telegroms.icu
Attack Patterns
SpyMax
T1010
T1064
T1012
T1087
T1016
T1057
T1083
T1071
T1033
T1059