Massive Phishing Campaigns Target India Banks’ Clients

  • Posted on: November 07, 2022
  • Posted in: Malware, Cyber Crime, Phishing, Cyber Threats, Endpoints, Mobile, Articles, News, Reports
  • Author:
    Trend Micro

We observed an uptick in attacks targeting bank customers in India, the common entry point being a text message with a phishing link. The SMS content urges victims to open the embedded phishing link or malicious app download page and follow the instructions to fill in their personally identifiable information (PII) and credit card details, allegedly to get a tax refund or credit card reward points.

Examining New DawDropper Banking Dropper and DaaS on the Dark Web

  • Posted on: July 29, 2022
  • Posted in: Malware, Research, Mobile, Articles, News, Reports
  • Author:
    Trend Micro

Malicious actors have been surreptitiously adding a growing number of banking trojans to Google Play Store via malicious droppers this year, proving that such a technique is effective in evading detection. Additionally, because there is a high demand for novel ways to distribute mobile malware, several malicious actors claim that their droppers could help other cybercriminals disseminate their malware on Google Play Store, resulting in a dropper-as-a-service (DaaS) model.

Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys

  • Posted on: May 16, 2022
  • Posted in: Malware, Research, Mobile, Articles, News, Reports
  • Author:
    Cifer Fang, Ford Qin, Zhengyu Dong

We recently observed a number of apps on Google Play designed to perform malicious activities such as stealing user credentials and other sensitive user information, including private keys. Because of the number and popularity of these apps — some of them have been installed over a hundred thousand times — we decided to shed some light on what these apps actually do by focusing on some of the more notable examples.

An Investigation of Cryptocurrency Scams and Schemes

  • Posted on: March 24, 2022
  • Posted in: Research, Mobile, Articles, News, Reports, Cyber Threats
  • Author:
    Cifer Fang, Vladimir Kropotov, Loseway Lu, Qi Sun, Fyodor Yarochkin

The use of cryptocurrency has increased tremendously since it was first introduced in 2009. As blockchain technology has only enabled this use to expand, interest in cryptocurrency and the assets that are generated in its use also continues to grow. However, the virtual environment that allows it to flourish has also become fertile ground for cybercriminals to exploit, so much so that there has been a constant stream of reports on scams related to cryptocurrency and non-fungible tokens (NFTs).

SMS PVA Services' Use of Infected Android Phones Reveals Flaws in SMS Verification

  • Posted on: February 16, 2022
  • Posted in: Cyber Crime, Research, Mobile, Articles, News, Reports, Cyber Threats
  • Author:
    Zhengyu Dong, Ryan Flores, Vladimir Kropotov, Paul Pajares, Fyodor Yarochkin

There has been an increase in short message service (SMS) phone-verified account (PVA) services in the last two years. SMS PVA services provide alternative mobile numbers that customers can use to register for online services and platforms. These types of services help circumvent the SMS verification mechanisms widely used by online platforms and services to authenticate new accounts. Malicious actors can register disposable accounts in bulk or create phone-verified accounts for criminal activities. 

Investigating APT36 or Earth Karkaddan’s Attack Chain and Malware Arsenal

  • Posted on: January 24, 2022
  • Posted in: APT & Targeted Attacks, Articles, News, Reports
  • Author:
    Trend Micro

APT36, also known as Earth Karkaddan, a politically motivated advanced persistent threat (APT) group, has historically targeted Indian military and diplomatic resources. This APT group (also referred to as Operation C-Major, PROJECTM, Mythic Leopard, and Transparent Tribe) has been known to use social engineering and phishing lures as an entry point, after which it deploys the Crimson RAT malware to steal information from its victims.

Fake Android Apps Communicate For Malware, Ad Fraud

  • Posted on: February 6, 2020
  • Posted in: Mobile, Malware
  • Author:
    Lorin Wu (Mobile Threats Analyst)

We recently discovered several malicious optimizer, booster, and utility apps (detected by Trend Micro as AndroidOS_BadBooster.HRX) on Google Play that are capable of accessing remote ad configuration servers that can be used for malicious purposes, perform mobile ad fraud, and download as many as 3,000 malware variants or malicious payloads on affected devices.

First Binder Exploit Linked to SideWinder APT Group

  • Posted on: January 6, 2020
  • Posted in: APT & Targeted Attacks, Mobile, Research
  • Author:
    Ecular Xu (Mobile Threats Analyst)

We found three malicious apps in the Google Play Store that work together to compromise a victim’s device and collect user information. One of these apps, called Camero, exploits CVE-2019-2215, a vulnerability that exists in Binder (the main Inter-Process Communication system in Android). This is the first known active attack in the wild that uses the use-after-free vulnerability.
