One Article Review

Source: Cyble
Identifier: 8648179
Publication date: 2025-02-12 10:31:36 (viewed: 2025-02-12 11:07:54)
Title: BTMOB RAT: Newly Discovered Android Malware Spreading via Phishing Sites
Text:

BTMOB RAT: Newly Discovered Android Malware Spreading via Phishing Sites

Key Takeaways

- BTMOB RAT is an advanced Android malware that evolved from SpySolr; it provides remote control, credential theft, and data exfiltration.
- It spreads via phishing sites impersonating streaming services such as iNat TV, and via fake mining platforms.
- The malware abuses Android's Accessibility Service to unlock devices, log keystrokes, and automate credential theft through web injections.
- It uses WebSocket-based C&C communication for real-time command execution and data theft.
- Supported malicious actions include live screen sharing, file management, audio recording, and web injections.
- The threat actor (TA) actively markets the malware on Telegram, offering paid licenses and continuous updates, which makes it an evolving and persistent threat.

Overview

On January 31, 2025, Cyble Research and Intelligence Labs (CRIL) identified a sample, lnat-tv-pro.apk (SHA-256: 13341c5171c34d846f6d0859e8c45d8a898eb332da41ab62bcae7519368d2248), being distributed via the phishing site hxxps://tvipguncelpro[.]com/, which impersonates iNat TV, an online streaming platform from Turkey. The campaign poses a serious threat to unsuspecting users.

Figure 1 – Phishing site distributing this malicious APK file
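The takeaways above give a triage team three concrete handles: the sample's SHA-256, the defanged phishing URL, and the fact that a "streaming" app declares an Accessibility Service. The script below, an added example that is not Cyble's code, turns those into checks: it refangs the indicator for a blocklist, matches a file hash against the report's IOC, and parses a decoded AndroidManifest.xml for services that bind BIND_ACCESSIBILITY_SERVICE. It assumes the manifest has already been decoded to plain XML (for example with apktool), since an APK stores it in binary AXML; the APK bytes and manifest embedded below are constructed stand-ins, not the real sample.

```python
"""Triage helpers built around the indicators in the BTMOB RAT write-up.

Added example, not Cyble's code. The SHA-256 and the defanged URL come from
the report; the APK bytes and the decoded AndroidManifest.xml below are
constructed stand-ins. Assumes the manifest has been decoded to plain XML
(e.g. with apktool), because the APK stores it in binary AXML.
"""
import hashlib
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Indicators quoted in the report.
KNOWN_SHA256 = {
    "13341c5171c34d846f6d0859e8c45d8a898eb332da41ab62bcae7519368d2248",  # lnat-tv-pro.apk
}
DEFANGED_URLS = ["hxxps://tvipguncelpro[.]com/"]

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
ACCESSIBILITY_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def refang(ioc: str) -> str:
    """Turn a defanged indicator (hxxp://, [.]) back into a usable URL."""
    return re.sub(r"^hxxp", "http", ioc.replace("[.]", "."), flags=re.IGNORECASE)


def host_of(defanged_url: str) -> str:
    """Hostname of a defanged URL, suitable for a DNS or proxy blocklist."""
    return urlparse(refang(defanged_url)).hostname or ""


def sha256_matches(data: bytes, known: set[str] = KNOWN_SHA256) -> bool:
    """True when the file hashes to one of the known malicious SHA-256 values."""
    return hashlib.sha256(data).hexdigest().lower() in known


def accessibility_services(manifest_xml: str) -> list[str]:
    """Names of services that bind the Accessibility Service.

    BTMOB abuses this service to read screen content, log keystrokes and drive
    the UI; a video-streaming app has no legitimate reason to declare one, so a
    non-empty result on such an app is a strong triage signal.
    """
    root = ET.fromstring(manifest_xml)
    return [
        svc.get(ANDROID_NS + "name", "")
        for svc in root.iter("service")
        if svc.get(ANDROID_NS + "permission") == ACCESSIBILITY_PERM
    ]


def triage(apk_bytes: bytes, manifest_xml: str, known: set[str] = KNOWN_SHA256) -> dict:
    """Combine the three checks into one verdict dictionary."""
    acc = accessibility_services(manifest_xml)
    matched = sha256_matches(apk_bytes, known)
    return {
        "sha256": hashlib.sha256(apk_bytes).hexdigest(),
        "hash_match": matched,
        "accessibility_services": acc,
        "block_hosts": [host_of(u) for u in DEFANGED_URLS],
        "suspicious": matched or bool(acc),
    }


# Constructed stand-ins (NOT the real sample): a fake APK payload and a decoded
# manifest in which a "TV player" declares an accessibility service.
SAMPLE_APK = b"PK\x03\x04 constructed stand-in, not the real lnat-tv-pro.apk"
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.tvplayer">
  <application android:label="TV Pro">
    <service android:name=".PlayerService"/>
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_APK, SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

The hash check only catches the exact file from the report; the manifest check is the one that generalises, because any BTMOB-style dropper must declare an accessibility service to get the keylogging and unlock capabilities the report describes, whatever its hash. Run it against the decoded manifest of any APK that was sideloaded from a streaming or "mining" site rather than installed from Google Play.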
Rating: ★★★
Sent: Yes
Tags: Malware, Tool, Threat, Mobile


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.