Threat actors primarily target remote access and control of victims’ devices by employing deceptive tactics. They often create fake apps or pose as legitimate ones to trick users into downloading malicious software, compromising the targeted devices’ security and privacy.
This approach allows them to gain unauthorized access, potentially steal sensitive information, or carry out other malicious activities.
Cybersecurity researchers at K7 Security Labs recently identified Rusty Droid RAT, a stealthy Android malware masquerading as a Chrome browser to read SMS and intercept emails.
Rusty Droid persists by repeatedly prompting the user to enable Accessibility Service, concealing its icon from the app drawer once granted.
Before linking to C2, the Rusty Droid malware collects the following data:
With accessibility permissions, it decrypts ‘LqL.json’ to an executable DEX file and deploys ‘settings.xml’ with the C2 server IP and bot ID.
This Trojan abuses the Android Accessibility Service as a keylogger, stealing victims’ data like passwords, credit card details, and messages and sending it to cybercriminals for identity theft and fraud, with a connection to C2 server “176.111.174[.]191.
This malware can collect keystrokes during user interaction with those applications to steal login information, including cryptocurrency wallet seed phrases, by connecting to a control server to get a list of targeted programs.
Here below, we have mentioned all the targeted applications:
Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Try a free trial to ensure 100% security.
Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as "GruesomeLarch"…
Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based…
The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central…
Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India,…
Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection…
Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report…