
Uzbek Users Under Attack by Android SMS-Stealers


Users in Uzbekistan are being targeted by Android SMS stealer malware, and it's a practice that's been going on for quite some time.

That's according to research coming from cybersecurity vendor Group-IB, which on Dec. 19 said its researchers observed a new wave of malware attacks targeting users in Uzbekistan, starting in October. The wave of attacks involves multiple threat groups, it added, including TrickyWonders, Blazefang, and Ajina.

The malware, which is used to steal money and credentials attached to an infected phone, is distributed as an APK file that is presented as a safe application, either to be sideloaded or sent through Telegram. In the latter case, once the attacker has access to a target's Android device and phone number, the threat actor attempts to log in to the victim's Telegram account and trick users on the device's contact list into installing the malware, thereby spreading it further.

Telegram-based methods like this (as well as simply buying stolen credentials on the Dark Web) are particularly popular with the attackers, because Telegram is the dominant instant messaging platform in Uzbekistan, according to Group-IB.

The attackers were observed using the SMS stealer Wonderland, the dropper malware MidnightDat, the AES-based dropper RoundRift, the money-stealing malware Ajina.Banker, and the SMS stealer Qwizzserial.


As shown through this malware and other recent examples, the Android threat ecosystem is alive and well, filled with attackers looking to use social engineering and dangerous APKs for an easy payday.

Inside the Android Malware Campaigns

Though different attackers used different toolsets, the broad strokes were the same. Attackers used stolen Telegram access to trick other users into installing malicious Android apps. These apps steal banking details and are used to further extend the attacker's reach.

As the Group-IB research team pointed out, SMS stealers like Wonderland are particularly dangerous because they lie quiet in a victim's environment.
