Android app breaking bad: From legitimate screen recording to file exfiltration within a year | WeLiveSecurity β 2023
#AhRAT #RAT
The applicationβs specific malicious behavior, which involves extracting microphone recordings and stealing files with specific extensions, potentially indicates its involvement in an espionage campaign.
#AhRAT #RAT
WeLiveSecurity
Android app breaking bad: From legitimate screen recording to file exfiltration within a year
ESET research uncovers AhRat, a new Android RAT based on AhMyth that steals files and records audio and was distributed via an app in the Google Play Store.
Forwarded from Pegasus NSO & other spyware
Securonix Threat Labs Security Advisory: New MULTI#STORM Attack Campaign Involving Python-based Loader Masquerading as OneDrive Utilities Dropping Multiple RAT Payloads Using Security Analytics - Securonix β June 2023
#RAT #MultiStorm #Trojan #JS #Python #malware #India #US
An interesting phishing campaign was recently analyzed by the Securonix Threat Research Team. The attack kicks off when the user clicks on a heavily obfuscated JavaScript file contained in a password protected zip file. Some of the victims targeted by the MULTI#STORM campaign appear to be in the US and India.
The attack chain ends with the victim machine infected with multiple unique RAT (remote access trojan) malware instances, such as Warzone RAT and Quasar RAT. Both are used for command and control during different stages of the infection chain.
#RAT #MultiStorm #Trojan #JS #Python #malware #India #US