A Newly discovered Android Trojan with Hidden Malicious code compromise Android Phone and steal sensitive information from victims well-known chat Messengers.
Andriod Malware is kept increasing and targeting victims around the world using many advanced functionalities.
This Trojan distributing as com.android.boxa and the method of distribution via a malicious app called Cloud Module in China.
This Malware is designed to steal the information from following Android Messenger.
This Malware using A lot of advanced functionalities such as anti-emulator and debugger detection techniques to evade dynamic analysis.
This Malicious app contains a lot of obfuscation function with the configured file and The purpose of the content/file obfuscation is to avoid detection.
According to trustlook research, The malware attempts to hide the strings to avoid being detected. For example, the following strings are stored in arrays and are XOR encrypted with 24 to get the real strings.
Also under the folder name called Assets contains an encrypted module and the all the module are completely encrypted and this module including “coso”, “dmnso”, “sx”, “sy”, the malware uses the first byte in the module to XOR decrypt the data.
After the complete infection, Malware will establish the connection with its command and control server which is operated by the attacker.
Later it shares the collected information once the malware gets the specific command from the attacker.
If the Android SDK version is less than 16, the malware loads “sy” module from Assets, otherwise it loads “sx” module. These modules attempt to modify the “/system/etc/install-recovery.sh” file to maintain persistence on the device.
Since the Attacker using Code obfuscation/hiding increases the malware author’s ability to avoid detection and becomes a sophisticated challenge to anti-virus software.
Cybersecurity researchers have uncovered a surge in the use of Advanced Encryption Standard (AES) encryption…
Kaspersky's latest report on mobile malware evolution in 2024 reveals a significant increase in cyber…
In a concerning trend, the frequency of scanning attacks targeting Internet of Things (IoT) devices…
Google is rolling out a new privacy-focused feature called Shielded Email, designed to prevent apps and…
Cybersecurity experts are warning of an increasing trend in fileless attacks, where hackers leverage PowerShell…
Unit 42 researchers have observed a threat actor group known as JavaGhost exploiting misconfigurations in…
