Warning 5 New Trojanized Android Apps Spying On Users In Pakistan
Designed to masquerade apps such as the
Pakistan Citizen Portal, a Muslim prayer-clock app called
Pakistan Salat Time,
Registered SIMs Checker, and
TPL Insurance, the malicious variants have been found to obfuscate their operations to stealthily download a payload in the form of an Android Dalvik executable (DEX) file. The DEX payload contains most of the malicious features, which include the ability to covertly exfiltrate sensitive data like the user s contact list and the full contents of SMS messages, Sophos threat researchers Pankaj Kohli and Andrew Brandt said. The app then sends this information to one of a small number of command-and-control websites hosted on servers located in eastern Europe.
ALERT: North Korean hackers targeting South Korea with RokRat Trojan
RokRat Trojan in a new spear-phishing campaign targeting the South Korean government.
Attributing the attack to APT37 (aka Starcruft, Ricochet Chollima, or Reaper), Malwarebytes said it identified a malicious document last December that, when opened, executes a macro in memory to install the aforementioned remote access tool (RAT). The file contains an embedded macro that uses a VBA self decoding technique to decode itself within the memory spaces of Microsoft Office without writing to the disk. It then embeds a variant of the RokRat into Notepad, the researchers noted in a Wednesday analysis.