A Newly discovered Android Trojan with Hidden Malicious code compromise Android Phone and steal sensitive information from victims well-known chat Messengers.
Andriod Malware is kept increasing and targeting victims around the world using many advanced functionalities.
This Trojan distributing as com.android.boxa and the method of distribution via a malicious app called Cloud Module in China.
This Malware is designed to steal the information from following Android Messenger.
This Malware using A lot of advanced functionalities such as anti-emulator and debugger detection techniques to evade dynamic analysis.
This Malicious app contains a lot of obfuscation function with the configured file and The purpose of the content/file obfuscation is to avoid detection.
According to trustlook research, The malware attempts to hide the strings to avoid being detected. For example, the following strings are stored in arrays and are XOR encrypted with 24 to get the real strings.
Also under the folder name called Assets contains an encrypted module and the all the module are completely encrypted and this module including “coso”, “dmnso”, “sx”, “sy”, the malware uses the first byte in the module to XOR decrypt the data.
After the complete infection, Malware will establish the connection with its command and control server which is operated by the attacker.
Later it shares the collected information once the malware gets the specific command from the attacker.
If the Android SDK version is less than 16, the malware loads “sy” module from Assets, otherwise it loads “sx” module. These modules attempt to modify the “/system/etc/install-recovery.sh” file to maintain persistence on the device.
Since the Attacker using Code obfuscation/hiding increases the malware author’s ability to avoid detection and becomes a sophisticated challenge to anti-virus software.
Cybercriminals are increasingly exploiting search engine optimization (SEO) techniques and paid advertisements to manipulate search…
Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as the…
Hackers are exploiting what's known as "Dangling DNS" records to take over corporate subdomains, posing…
Security researchers and cybersecurity experts have recently uncovered new variants of the notorious HelloKitty ransomware,…
The RansomHub ransomware group has emerged as a significant danger, targeting a wide array of…
Threat actors are increasingly using email bombing to bypass security protocols and facilitate further malicious…
