Tag: mobile malware

13 Attack Reports | 0 Vulnerabilities

Attack reports

Kimsuky Distributing Malicious Mobile App via QR Code

A new campaign by Kimsuky involves distributing malicious mobile apps through QR codes and phishing websites. The apps, masquerading as delivery services, VPNs, and cryptocurrency tools, decrypt an embedded APK to deploy a RAT with extensive capabilities. The malware uses a native decryption functi…
rat
phishing
keylogging
apk
dprk
mobile malware
decryption
qr code
docswap
2025-12-16
Published: December 16, 2025
Downloadable IOCs: 12

The Price of Trust: Analyzing the Malware Campaign Exploiting TASPEN's Legacy to Target Indonesian Senior Citizens

A sophisticated mobile malware campaign is targeting Indonesian pensioners by impersonating TASPEN, the state pension fund. The attackers use a phishing website to distribute a malicious Android app that steals banking credentials, intercepts SMS messages for OTPs, and captures biometric data. The …
phishing
spyware
banking trojan
mobile malware
indonesia
senior citizens
2025-08-27
pension fund
taspen
Published: August 27, 2025
Downloadable IOCs: 7

Android backdoor spies on Russian business employees

A sophisticated Android backdoor named Android.Backdoor.916.origin is targeting Russian business representatives. The malware, disguised as an antivirus app called 'GuardCB', has extensive surveillance capabilities including intercepting calls, streaming camera footage, stealing data from messaging…
backdoor
surveillance
android
spyware
russian
2025-08-25
mobile-malware
business
android.backdoor.916.origin
targeted-attack
Published: August 25, 2025
Downloadable IOCs: 0

2024 Malicious Infrastructure Insights: Key Trends and Threats

The report highlights significant trends in malicious infrastructure for 2024, including the rise of malware-as-a-service infostealers, continued dominance of Cobalt Strike among offensive security tools, and increased use of legitimate services by threat actors. Key findings include LummaC2's domi…
lummac2
plugx
cobalt strike
asyncrat
cybercrime
infostealers
dcrat
latrodectus
botnets
mobile malware
malicious infrastructure
quasarrat
hook
gobrat
brute ratel c4
remote access trojans
2025-02-28
traffic distribution systems
mozi botnet
state-sponsored groups
command-and-control servers
solarmarker rat
offensive security tools
Published: February 28, 2025
Downloadable IOCs: 0

Mobile Indian Cyber Heist: FatBoyPanel And His Massive Data Breach

A mobile malware campaign targeting Indian banks has been uncovered, comprising nearly 900 samples aimed at Android devices. The malware, distributed via WhatsApp as fake government or banking apps, steals sensitive financial and personal data, including Aadhar and PAN card details, credit card inf…
phishing
android
banking trojan
data breach
mobile malware
sms interception
2025-02-05
otp theft
firebase
fatboypanel
Published: February 5, 2025
Downloadable IOCs: 891

Take my money: OCR crypto stealers in Google Play and App Store

Researchers discovered a new malware campaign dubbed 'SparkCat' targeting Android and iOS users through both official and unofficial app stores. The malware, embedded in various apps, uses OCR technology to scan users' image galleries for crypto wallet recovery phrases. Infected apps on Google Play…
ios
android
mobile malware
ocr
2025-02-05
sparkcat
app stores
crypto stealer
Published: February 5, 2025
Downloadable IOCs: 0

The Mobile Malware Chronicles: Necro.N - Volume 101

Zimperium's zLabs researchers have been tracking Necro.N, a highly intrusive mobile malware campaign, since July. This malware, potentially succeeding Joker, uses obfuscation and steganography to hide malicious payloads within images. It downloads payloads from C2 servers, enabling remote code exec…
obfuscation
steganography
c2 server
mobile malware
2024-10-21
joker
necro.n
libsvm.so
fleeceware
advertising sdk
libcoral.so
Published: October 21, 2024
Downloadable IOCs: 6

New Android Spyware Campaign Targets South Koreans via AWS

A sophisticated Android spyware campaign targeting South Koreans has been uncovered by Cyble Research and Intelligence Labs. Active since June 2024, the malware exploits an Amazon AWS S3 bucket as its Command and Control server to exfiltrate sensitive personal data including SMS messages, contacts,…
android
spyware
south korea
cloud security
data exfiltration
aws
mobile malware
2024-10-01
stealth techniques
Published: October 1, 2024
Linked vulnerabilities : CVE-2024-21887, CVE-2023-46805, CVE-2021-44228, CVE-2017-11882, CVE-2024-21893
Downloadable IOCs: 7

Wallet Scam: A Case Study in Crypto Drainer Tactics

A malicious app on Google Play, posing as WalletConnect, targeted mobile users to steal cryptocurrency. The app evaded detection for five months, achieving over 10,000 downloads. It used advanced social engineering and modern crypto drainer toolkit, stealing approximately $70,000 from victims. The …
social engineering
mobile malware
2024-09-27
crypto drainer
walletconnect
Published: September 27, 2024
Downloadable IOCs: 8

WalletConnect Scam: A Case Study in Crypto Drainer Tactics

An investigation uncovered a malicious app on Google Play targeting mobile users to steal cryptocurrency. The app, posing as a legitimate WalletConnect tool, used advanced evasion techniques to avoid detection for nearly five months. It achieved over 10,000 downloads through fake reviews and brandi…
android
cryptocurrency
mobile malware
2024-09-26
ms drainer
Published: September 26, 2024
Downloadable IOCs: 6

European Banks Already Under Attack by New Malware Variant

A new version of the Octo malware, named Octo2, has emerged as a significant threat to European banks. This variant builds upon the capabilities of its predecessor, which was already a dominant force in mobile malware. Octo2 features improved remote access capabilities, sophisticated obfuscation te…
banking trojan
dga
mobile malware
2024-09-25
zombinder
exobot
coper
exobotcompact
octo2
Published: September 25, 2024
Downloadable IOCs: 0

The trojan horse that wanted to fly

Rocinante is a new strain of mobile malware originating from Brazil, capable of keylogging, stealing PII through phishing, and performing device takeover. It targets Brazilian banking institutions using a combination of Firebase messaging, HTTP traffic, WebSocket, and Telegram API for communication…
phishing
remote access
banking trojan
brazil
keylogging
mobile malware
2024-09-02
device takeover
hook
rocinante
ermac
Published: September 2, 2024
Downloadable IOCs: 4

New Mandrake Android spyware version discovered on Google Play

n April 2024, Securelist discovered a suspicious sample that appeared to be a new version of Mandrake. Ensuing analysis revealed as many as five Mandrake applications, which had been available on Google Play from 2022 to 2024 with more than 32,000 installs in total, while staying undetected by any …
malware
android
spyware
google play
2024-07-29
mobile malware
mandrake
response opcode
apk file
airfs
Published: July 29, 2024
Downloadable IOCs: 9
Click here to see more Attack Reports