Banking Trojan Variant Spreading Through Android App

During routine research, Cyble researchers found a variant of a banking Trojan that spreads through Android applications and steals the user’s sensitive information. Based on a post on Twitter, the fake banking application impersonated the prosecutor’s office of South Korea, with Korea as the primary target. A banking Trojan is a malicious piece of software designed to gain unauthorized access to confidential information stored or processed through online banking systems. Generally, a Trojan performs malicious activities without the knowledge of the user. It establishes remote access connections, captures keyboard inputs, collects system information, downloads/uploads files on the victim’s machine, drops various malware into …


Android Trojan Malware Disguised as Syrian e-gov Android App

In a recent tweet, security researchers spoke about a Trojanized version of a Syrian e-government Android app available from the e-gov web portal. Our investigation indicated that this malware campaign targets Syria and its surrounding countries, which are struggling with the ongoing onslaught of the COVID-19 pandemic. We discovered that once installed, this app collects the victim’s data, such as contact lists, and uploads selected file types from the user’s device to their C2 link. In our search to find the source of the app, we discovered that the site from where the …
