Today > vulnerabilities   -   You can now download lists of IOCs here!

Tag: mobile malware

7 attack reports | 0 vulnerabilities

Attack reports

The Mobile Malware Chronicles: Necro.N - Volume 101

Zimperium's zLabs researchers have been tracking Necro.N, a highly intrusive mobile malware campaign, since July. This malware, potentially succeeding Joker, uses obfuscation and steganography to hide malicious payloads within images. It downloads payloads from C2 servers, enabling remote code exec…

obfuscation
steganography
c2 server
mobile malware
2024-10-21
joker
necro.n
libsvm.so
fleeceware
advertising sdk
libcoral.so
Published: October 21, 2024

Downloadable IOCs 6

New Android Spyware Campaign Targets South Koreans via AWS

A sophisticated Android spyware campaign targeting South Koreans has been uncovered by Cyble Research and Intelligence Labs. Active since June 2024, the malware exploits an Amazon AWS S3 bucket as its Command and Control server to exfiltrate sensitive personal data including SMS messages, contacts,…

android
spyware
south korea
cloud security
data exfiltration
aws
mobile malware
2024-10-01
stealth techniques
Published: October 1, 2024

Downloadable IOCs 7

Wallet Scam: A Case Study in Crypto Drainer Tactics

A malicious app on Google Play, posing as WalletConnect, targeted mobile users to steal cryptocurrency. The app evaded detection for five months, achieving over 10,000 downloads. It used advanced social engineering and modern crypto drainer toolkit, stealing approximately $70,000 from victims. The …

social engineering
mobile malware
2024-09-27
crypto drainer
walletconnect
Published: September 27, 2024

Downloadable IOCs 8

WalletConnect Scam: A Case Study in Crypto Drainer Tactics

An investigation uncovered a malicious app on Google Play targeting mobile users to steal cryptocurrency. The app, posing as a legitimate WalletConnect tool, used advanced evasion techniques to avoid detection for nearly five months. It achieved over 10,000 downloads through fake reviews and brandi…

android
cryptocurrency
mobile malware
2024-09-26
ms drainer
Published: September 26, 2024

Downloadable IOCs 6

European Banks Already Under Attack by New Malware Variant

A new version of the Octo malware, named Octo2, has emerged as a significant threat to European banks. This variant builds upon the capabilities of its predecessor, which was already a dominant force in mobile malware. Octo2 features improved remote access capabilities, sophisticated obfuscation te…

banking trojan
dga
mobile malware
2024-09-25
zombinder
exobot
coper
exobotcompact
octo2
Published: September 25, 2024

Downloadable IOCs 0

The trojan horse that wanted to fly

Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…

phishing
remote access
banking trojan
brazil
keylogging
mobile malware
2024-09-02
device takeover
hook
rocinante
ermac
Published: September 2, 2024

Downloadable IOCs 4

New Mandrake Android spyware version discovered on Google Play

n April 2024, Securelist discovered a suspicious sample that appeared to be a new version of Mandrake. Ensuing analysis revealed as many as five Mandrake applications, which had been available on Google Play from 2022 to 2024 with more than 32,000 installs in total, while staying undetected by any …

malware
android
spyware
google play
2024-07-29
mobile malware
mandrake
response opcode
apk file
airfs
Published: July 29, 2024

Downloadable IOCs 9

» Click here to see all Attack Reports «