Sunday, December 3, 2023

Maikspy – A Spyware Attack on Windows & Android Users via Adult Games

A newly discovered dangerous Maikspy spyware distributing through adult games that specifically target Windows and Android Users to steal sensitive private data.

Initially, Maikspy spyware posed as U.S based adult film actress and trick users to click and download it to perform further malicious activities.

Attackers distributing the Maikspy spyware via malicious websites, after the complete infection it connect via command & control server and shares the stolen information.

Various Twitter handles has promoted the malicious adult games called Virtual Girlfriend and share the link to vicitms via short links and targeting windows and android Platform users.

Maikspy Spyware Attack on Android

Maikspy variant that distributed via various twitter accounts that posed as Virtual Girlfriend is created to run on Android by tricking vicitms to visit the malicious domain.

The domain name has been shortened and shared via Twitter and once the user visits the concerned link which leads the user to land the malicious website.

The reached website asked victims to choose the gender and select the first girlfriend which leads to download malicious APK that will be installed and launched.

Once it launched, it used a trick that shows “Error: 401. App not compatible. Uninstalling…” a fake attempt to uninstall the app due to compatible issue and the app is going to remove from the device.

This is an attempt to the user into thinking that the app is already removed from the device but it silently Spying in the background of the infected Android device.

Later it checks the permissions and Steal the user’s data such as phone number, Steal accounts, installed app list, contacts, SMS and send to the attacker via command and control sever.

Maikspy Spyware Attack on Windows

The Windows-based variant of the Mikespy distributed via same Twitter handles which insists used to visit the malicious website (hxxp://miakhalifagame[.]com/) and trick users to download a file called MiaKhalifa.rar .

Downloaded files contain a README.txt file with information for users to turn off the anti-virus software and how to turn on the network, which the attacker needs to steal and upload data to its C&C server.

According to Trend Micro Research, Another File called Uninstall.exe is a copy of the open-source hacking tool Mimikatz (https://github[.]com/gentilkiwi/mimikatz). It has the ability to extract plaintext passwords, hash, PIN code, and Kerberos tickets from memory.
Here, Uninstall.exe is used to get the Windows account and password, and then writes the result to C:\Users\%username%\AppData\local\password.txt.

Another file called Setup.exe  in the RAR will be performing a core stealing operation same as Andoird based Maikspy variant, it uploads all the stolen data into C&C server which is controlled by an attacker.

Same a Virtual Girlfriend malicious app, Maikspy using adult apps to reach victims and steal the sensitive information.

Website

Latest articles

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Booking.com Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles