Forwarded from Pegasus NSO & other spyware
Playing Possum: What's the Wpeeper Backdoor Up To? | XLab_qianxin
Via @androidmalware
#Android #Trojan #Possum #Wpeeper
#WordPress
On April 18, 2024, XLab's threat hunting system detected an ELF file with zero detections on VirusTotal being distributed through two different domains. One of the domains was marked as malicious by three security firms, while the other was recently registered and had no detections, drawing our attention. Upon analysis, we confirmed that this ELF was malware targeting Android systems, utilizing compromised WordPress sites as relay C2 servers, and we named it Wpeeper.
Wpeeper is a typical backdoor Trojan for Android systems, supporting functions such as collecting sensitive device information, managing files and directories, uploading and downloading, and executing commands.