I.Zhilyakov

IoCs: github.com/DoctorWebLtd/m…

Phantom: new Android clicker malware family distributed via popular modded apps and Xiaomi’s GetApps games. It performs click fraud using hidden WebView automation, TensorFlowJS-based ad recognition, and WebRTC screen streaming with remote control. news.drweb.com/show/?i=15110&…

Baohuo Android backdoor hijacks Telegram accounts. Malicious versions of Telegram X are distributed via APKPure and other and are posted as if they were from the official messenger developer. It uses Redis as its C2 and has infected over 58,000 devices news.drweb.com/show/?lng=en&i…

Android #GravityRat af3a57a9fc9faf73a1dcad3aa95d67427daa48cbf0917a26d8cd72cae72921fe Distribution: voipchat[.]in C2: an-east.androidannotations[.]com eu-west.androidannotations[.]com cn-west.androidannotations[.]com virustotal.com/gui/file/af3a5…

Android spyware trojan targets Russian military personnel who use AlpineQuest. It steals contacts, device geolocation, file information, and loads modules. news.drweb.com/show/?lng=en&i…

@Steven_Chen0616 Thanks! Got it. iOS version as well.

@m0br3v Hi @m0br3v this is spyware app MD5: 6f4655824fab7c9abbc048b67c812436 pele28mf .store/dlapk3/1744208078/1742478271.apk

Shibai: a trojanized WhatsApp variant preinstalled in firmware on some cheap Android phones. Modified via LSPatch, it swaps crypto addresses in messages and hijacks update URLs to maintain control news.drweb.com/show/?lng=en&i…

Our latest blog dives into a new variant of #Vo1d #botnet. C2 sinkhole data reveals it has infected 1.6M Android TVs across 200+ countries. Now leveraging RSA , its network can remains secure even if researchers register DGA C2s blog.xlab.qianxin.com/long-live-the-…

IoCs: github.com/DoctorWebLtd/m…

Android.Vo1d infected nearly 1.3 million TV boxes It is a backdoor that puts its components in the system storage area and, when commanded by attackers, is capable of secretly downloading and installing third-party software. news.drweb.com/show/?i=14900&…

Telegram-controlled backdoor trojan targets Linux servers news.drweb.com/show/?i=14877&…

Our new blog details how the Bigpanzi botnet exploits Android OS TVs and set-top boxes, turning them into a network for illegal activities. This 8 years' operation notably includes setting up a Content Delivery Network (CDN) using infected devices, blog.xlab.qianxin.com/bigpanzi-expos…

@Anti_Malware news.drweb.ru/show/?i=14752

Действие сертификата антивируса компании «Доктор Веб», выданного ФСТЭК России, в настоящее время приостановлено. Согласно реестру регулятора, изменения вступили в силу 8 сентября 2023 года. anti-malware.ru/news/2023-09-2…

IoCs: github.com/DoctorWebLtd/m…

Android.Pandora trojans compromise Android TV boxes during firmware updates or when applications for viewing pirated video content are installed. This backdoor inherited its advanced DDoS-attack capabilities from the Linux.Mirai trojan. news.drweb.com/show/?i=14743&…

This SDK expands the capabilities of JavaScript code executed on loaded webpages containing ads. It adds many features to such code, including the ability to: - obtain a list of files in the directories, - obtain a file from the device, - read/write the clipboard contents etc.

101 apps on Google Play with at least 421,290,300 downloads contain а marketing SDK detected as Android.Spy.SpinOk. news.drweb.com/show/?lng=en&i… IoCs: github.com/DoctorWebLtd/m…

aa13c6cbd1caec145d06f1ac8568dbe460fa50b1f4025825ef54e5f32c184e07 "Hamraaz-Apk-v7.1.apk" c&c: 173.249.38.99 virustotal.com/gui/file/aa13c…

Another one 1e31e3dc6428bec9b8c41185619c2e68f4bd56d69bc6ab44e47b82561654f9c1 "Student portal 2022-2023.apk" c&c: 167.86.98.190 virustotal.com/gui/file/1e31e…

A fresh sample from India "APS New Fee Structure June 2022 to june 2023.apk" f7e67e5bd0bd08b99821eee2ee2f9121bb75ff7e91396a1828f25035e1f81ec4 c&c: 161.97.167[.]88 Related to 👇

It's trying to hide the payload server on the page from prying eyes👀 hxxps://sites.google.com/view/funny-themes-keyboard/home