A Newly discovered Android Trojan with Hidden Malicious code compromise Android Phone and steal sensitive information from victims well-known chat Messengers.
Andriod Malware is kept increasing and targeting victims around the world using many advanced functionalities.
This Trojan distributing as com.android.boxa and the method of distribution via a malicious app called Cloud Module in China.
This Malware is designed to steal the information from following Android Messenger.
This Malware using A lot of advanced functionalities such as anti-emulator and debugger detection techniques to evade dynamic analysis.
This Malicious app contains a lot of obfuscation function with the configured file and The purpose of the content/file obfuscation is to avoid detection.
According to trustlook research, The malware attempts to hide the strings to avoid being detected. For example, the following strings are stored in arrays and are XOR encrypted with 24 to get the real strings.
Also under the folder name called Assets contains an encrypted module and the all the module are completely encrypted and this module including “coso”, “dmnso”, “sx”, “sy”, the malware uses the first byte in the module to XOR decrypt the data.
After the complete infection, Malware will establish the connection with its command and control server which is operated by the attacker.
Later it shares the collected information once the malware gets the specific command from the attacker.
If the Android SDK version is less than 16, the malware loads “sy” module from Assets, otherwise it loads “sx” module. These modules attempt to modify the “/system/etc/install-recovery.sh” file to maintain persistence on the device.
Since the Attacker using Code obfuscation/hiding increases the malware author’s ability to avoid detection and becomes a sophisticated challenge to anti-virus software.
A very important message from the Norwegian National Cyber Security Centre (NCSC) says that Secure Socket Layer/Transport Layer Security (SSL/TLS)…
Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices, which makes it an attractive target…
ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine, to target infected systems, which extracts…
Santander has confirmed that there was a major data breach that affected its workers and customers in Spain, Uruguay, and…
The U.S. government has offered a prize of up to $5 million for information that leads to the arrest and…
Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated cybercriminals to achieve its strategic goals,…
