Cybercriminals deploy over 100,000 Android malware apps to steal OTP codes

July 31, 2024 | Ravi Lakshmanan | Mobile Security / Malware

Since at least February 2022, a new malware campaign has been observed using malicious Android apps to steal users’ SMS messages as part of a large-scale campaign.

The malware, which spans more than 107,000 unique samples, is designed to intercept one-time passwords (OTPs) used for online account verification to commit identity fraud.

“Of these 107,000 malware samples, more than 99,000 of these apps are/were unknown and not available in public repositories,” mobile security company Zimperium said in a report shared with The Hacker News. “This malware monitored OTP messages for more than 600 global brands, with some brands having users in the hundreds of millions.”

Victims of the campaign were found in 113 countries, with India and Russia leading the list, followed by Brazil, Mexico, the USA, Ukraine, Spain and Turkey.

The starting point of the attack is the installation of a malicious application, which the victim is tricked into installing on their device either through deceptive advertising that mimics app listings in the Google Play Store, or through any of 2,600 Telegram bots that act as a distribution channel by masquerading as legitimate services (such as Microsoft Word).

Once installed, the app requests permission to access incoming SMS messages, after which it contacts one of 13 command-and-control (C2) servers to transmit the stolen SMS messages.

“The malware remains hidden by constantly monitoring new incoming SMS messages,” the researchers said. “Its primary target is one-time passwords used for online account verification.”
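The behaviour described above (SMS permission, a receiver hooked on incoming SMS, and network access to reach a C2) can be triaged statically from a decoded AndroidManifest.xml. The following is an added example, not code from Zimperium or from the campaign; the manifest it inspects is constructed and the package name is a placeholder.

```python
"""Static triage of a decoded AndroidManifest.xml for the OTP-stealer shape:
SMS permissions + a receiver listening for SMS_RECEIVED + INTERNET access.
This is a heuristic: legitimate messaging apps match it too, so treat a hit
as a prompt for review, not a verdict on its own."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample manifest (hypothetical package name, not a real sample):
# an app posing as a document editor that asks for SMS access, registers a
# high-priority receiver for incoming SMS and has network access.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakeword">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application android:label="Word">
    <receiver android:name=".SmsReceiver" android:exported="true">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def triage_manifest(xml_text: str) -> dict:
    """Return the indicators found in a decoded manifest plus an overall flag."""
    root = ET.fromstring(xml_text)
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    # Receivers whose intent-filter subscribes to the system SMS broadcast.
    sms_receivers = [
        r.get(ANDROID_NS + "name")
        for r in root.iter("receiver")
        if any(a.get(ANDROID_NS + "name") == SMS_ACTION for a in r.iter("action"))
    ]
    findings = {
        "package": root.get("package"),
        "sms_permissions": sorted(perms & SMS_PERMS),
        "sms_receivers": sms_receivers,
        "internet": "android.permission.INTERNET" in perms,
    }
    # All three together is the shape of an OTP-forwarding app; each alone is common.
    findings["suspicious"] = bool(findings["sms_permissions"]) and bool(sms_receivers) and findings["internet"]
    return findings


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

Manifests inside an APK are binary XML; decode them first (for example with apktool) before feeding them to this function.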

It is currently unclear who is behind this operation, although threat actors have been seen accepting various payment methods, including cryptocurrency, to fuel a service called Fast SMS (fastsms(.)su), which allows customers to buy access to virtual phone numbers.

It is likely that phone numbers associated with infected devices are used without the owner’s knowledge to register various online accounts by collecting one-time passwords required for two-factor authentication (2FA).

In early 2022, Trend Micro shed light on a similar financially motivated service that gathered Android devices into a botnet that could be used to “mass sign up one-time accounts or create phone-verified accounts for fraud and other criminal activities.”

“These stolen credentials serve as a springboard for further fraudulent activities, such as creating fake accounts on popular services to launch phishing campaigns or social engineering attacks,” Zimperium said.

The findings underscore the continued abuse of Telegram, a popular instant messaging app with more than 950 million monthly active users, by attackers with a variety of goals ranging from spreading malware to C2.

Earlier this month, Positive Technologies disclosed two families of SMS stealers, called SMS Webpro and NotifySmsStealer, that target Android device users in Bangladesh, India, and Indonesia to deliver messages to a criminal-backed Telegram bot.

Also, a Russian cyber security company discovered malicious stealer strains masquerading as TrueCaller and ICICI Bank and capable of stealing users’ photos, device information and notifications via the messaging platform.

“The chain of infection starts with a typical phishing attack on WhatsApp,” security researcher Varvara Ahapkina said. “With few exceptions, an attacker uses phishing sites posing as a bank to get users to download apps from them.”

Another malware family that uses Telegram as a C2 server is TgRat, a Windows remote access trojan that was recently updated to include a Linux variant. It is equipped to download files, take screenshots and execute commands remotely.

“Telegram is widely used as an enterprise messenger by many companies,” Dr. Web said. “Thus, it’s no surprise that threat actors can use it as a vector to deliver malware and steal sensitive information: the popularity of the app and the regular traffic on Telegram’s servers make it easy to mask malware in a compromised network.”

Did you find this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we publish.