Threats Tagged 'android trojan'

Rokarolla is an Android banking trojan distributed via malicious websites posing as popular apps like TikTok or Google Chrome. It targets 217 cryptocurrency and banking apps with 137 commands to control infected devices. The malware harvests lock screen credentials, contact lists, SMS data, and uses keyloggers and fraudulent overlays to steal banking information. It disables Google Play Protect, hijacks SMS and calls, manipulates clipboard content for cryptocurrency theft, and performs screen surveillance. Rokarolla maintains persistence by hiding its icon, muting audio, and keeping the screen active indefinitely.

North Korea-aligned APT group ScarCruft executed a multiplatform supply-chain attack targeting ethnic Koreans in China's Yanbian region, an area significant for North Korean refugees and defectors. Since late 2024, the group compromised a video gaming platform dedicated to Yanbian-themed games, trojanizing both Windows and Android components with the BirdCall backdoor. The Windows client received malicious updates leading to RokRAT and subsequently BirdCall deployment, while Android games were directly trojanized. This marks the first discovery of Android BirdCall, capable of comprehensive surveillance including data collection, screenshots, and voice recording. The campaign focuses on espionage against individuals of interest to the North Korean regime, particularly refugees and defectors.

A new Android Trojan named Datzbro has been discovered targeting seniors through fake Facebook groups promoting travel and social activities. The malware, which combines spyware and banking Trojan capabilities, is distributed via malicious APKs disguised as community apps. Datzbro features remote access, screen sharing, black overlay attacks, and keylogging, allowing attackers to perform financial fraud. It specifically targets banking and crypto-related apps, stealing credentials and sensitive information. The malware's origin appears to be Chinese-speaking developers, and its command-and-control application has been leaked, potentially making it a global threat. The campaign demonstrates the evolving sophistication of mobile threats, blending social engineering with advanced technical capabilities.

MediumCampaignGermanyUnited KingdomFrance+5#android trojan#facebook groups#remote access

A new Android Trojan called PhantomCard is targeting banking customers in Brazil, with potential for global expansion. The malware relays NFC data from victims' banking cards to fraudsters' devices, enabling unauthorized transactions. Distributed through fake 'Google Play' pages as a 'card protection' app, PhantomCard is based on a Chinese-originating NFC relay Malware-as-a-Service. The actor behind it is a known reseller of Android threats in Brazil. PhantomCard's emergence highlights the growing popularity of NFC-based attacks among cybercriminals and the evolving threat landscape, where local threats can reach global markets through reselling schemes.

MediumMalwarePortugalSpainItaly+4#btmob#brazil#phantomcard